Amazon employees had access to sensitive user data through Alexa
Almost a week ago there was the disturbing news that nearly 1,000 Amazon employees listen to and evaluate thousands of Alexa recordings of the smart speaker every day. But as a new report shows, much more sensitive data seems to have been released.
As Bloomberg now reports, Amazon employees not only had access to voice recordings linked to the device's account number, first name and serial number, they also had access to the device's serial number. The same team could also access the users' location information in the form of longitude and latitude.
This allowed the customer's home address to be found out in less than a minute on a quick Google Maps search. According to the two people who provided the information, until recently most of the people in the analysis team could access the data.
This is particularly frightening, as Amazon recently stated in a statement about last week's incidents that the team members had no direct access to such information and therefore no means to identify the people whose voice recordings they were analyzing for speech recognition training.
In a statement from Amazon about the current incident it says now:
"Access to internal tools is strictly controlled and only granted to a limited number of employees who need these tools to train and improve the service by processing an extremely small amount of interactions. Our policies strictly prohibit employee access to or use of customer information for any other reason, and we have a zero tolerance policy for misuse of our systems. We regularly review employee access to internal tools and limit access whenever and wherever possible.
"Location data is among the most sensitive personal user information," says Lindsey Barrett, associate attorney and lecturer at the Georgetown Law Communications and Technology Clinic. Here it should be remembered: "Whenever someone knows where you are, this means that the info could go to someone who can find you if you don't want to be found."
So far, there is no evidence that employees have been playing games with this information. But Amazon recognizes the concerns that the information was so openly available, and has significantly limited the data available to employees.
Do you think that information about your own location is a sensitive topic? After the events, would you still get an Amazon Echo?
Source: Bloomberg
If you don't want to be found, stay offline
may be we dont have have any access
Amazon and Facebook, two malicious and privacy invasive companies.