Over the past few days Amazon has informed some customers that it has fired an employee for leaking customer email addresses to an unnamed third party, according to multiple copies of the notification email obtained by Motherboard.
The news highlights the continued risk of insiders at tech companies, who may leverage access to data for their own purposes or for profit.
"We are writing to let you know that your e-mail address was disclosed by an Amazon employee to a third-party in violation of our policies. As a result, we have fired the employee, referred them to law enforcement, and are supporting law enforcement criminal prosecution," the Amazon email reads. The copies Motherboard obtained were sent on Friday and Saturday.
Do you know about any other instances of insider data abuse? We'd love to hear from you. Using a non-work phone or computer, you can contact Joseph Cox securely on Signal on +44 20 8133 5190, Wickr on josephcox, OTR chat on firstname.lastname@example.org, or email email@example.com.
In a statement, an Amazon spokesperson said the company had fired multiple people.
"The individuals responsible for this incident have been fired. We have referred the bad actors to law enforcement and are supporting their criminal prosecution," the statement read.
In January, Amazon sent a similar email to customers, in which the company said it had fired employees for disclosing email addresses and phone numbers. In the latest case, Amazon told Motherboard that no other information beyond customer names and email addresses was exposed, suggesting this is a separate event.
Amazon declined to answer basic questions, such as how many customers were impacted.
Earlier this year Motherboard reported that Amazon-owned Ring fired multiple employees for improperly accessing Ring customers' video data.