AWS Apologizes for Massive Outage That Disrupted Major Platforms Worldwide

 

Amazon Web Services (AWS) has issued an apology to customers following a widespread outage on October 20 that brought down more than a thousand websites and services globally. The disruption affected major platforms including Snapchat, Reddit, Lloyds Bank, Venmo, and several gaming and payment applications, underscoring the heavy dependence of the modern internet on a few dominant cloud providers. The outage originated in AWS’s North Virginia region (US-EAST-1), which powers a significant portion of global online infrastructure. 

According to Amazon’s official statement, the outage stemmed from internal errors that prevented systems from properly linking domain names to the IP addresses required to locate them. This technical fault caused a cascade of connectivity failures across multiple services. “We apologize for the impact this event caused our customers,” AWS said. “We know how critical our services are to our customers, their applications, and their businesses. We are committed to learning from this and improving our availability.”

While some platforms like Fortnite and Roblox recovered within a few hours, others faced extended downtime. Lloyds Bank customers, for instance, reported continued access issues well into the afternoon. Similarly, services like Reddit and Venmo were affected for longer durations. The outage even extended to connected devices such as Eight Sleep’s smart mattresses, which rely on internet access to adjust temperature and elevation. The company stated it would work to make its systems more resilient after some users reported overheating or malfunctioning devices during the outage.

AWS’s detailed incident summary attributed the issue to a “latent race condition” in the systems managing the Domain Name System (DNS) records in the affected region. Essentially, one of the automated processes responsible for maintaining synchronization between critical database systems malfunctioned, triggering a chain reaction that disrupted multiple dependent services. Because many of AWS’s internal processes are automated, the problem propagated without human intervention until it was detected and mitigated.

Dr. Junade Ali, a software engineer and fellow at the Institute for Engineering and Technology, explained that “faulty automation” was central to the failure. He noted that the internal “address book” system in the region broke down, preventing key infrastructure components from locating each other. “This incident demonstrates how businesses relying on a single cloud provider remain vulnerable to regional failures,” Dr. Ali added, emphasizing the importance of diversifying cloud service providers to improve resilience. 

The event once again highlights the concentration of digital infrastructure within a few dominant providers, primarily AWS and Microsoft Azure. Experts warn that such dependency increases systemic risk, as disruptions in one region can have global ripple effects. Amazon has stated that it will take measures to strengthen fault detection, introduce greater redundancy, and enhance the reliability of automated processes in its network. 

As the world grows increasingly reliant on cloud computing, the AWS outage serves as a critical reminder of the fragility of internet infrastructure and the urgent need for redundancy and diversification.

Amazon resolves major AWS outage that disrupted apps, websites, and banks globally



 


A widespread disruption at Amazon Web Services (AWS) on Monday caused several high-profile apps, websites, and banking platforms to go offline for hours before the issue was finally resolved later in the night. The outage, which affected one of Amazon’s main cloud regions in the United States, drew attention to how heavily the global digital infrastructure depends on a few large cloud service providers.

According to Amazon’s official update, the problem stemmed from a technical fault in its Domain Name System (DNS) — a core internet function that translates website names into numerical addresses that computers can read. When the DNS experiences interruptions, browsers and applications lose their ability to locate and connect with servers, causing widespread loading failures. The company confirmed the issue affected its DynamoDB API endpoint in the US-EAST-1 region, one of its busiest hubs.

The first reports of disruptions appeared around 7:00 a.m. BST on Monday, when users began facing difficulties accessing multiple platforms. As the issue spread, users of services such as Snapchat, Fortnite, and Duolingo were unable to log in or perform basic functions. Several banking websites, including Lloyds and Halifax, also reported temporary connectivity problems.

The outage quickly escalated to a global scale. According to the monitoring website Downdetector, more than 11 million user complaints were recorded throughout the day, an unprecedented figure that reflected the magnitude of the disruption. Early in the incident, Downdetector noted over four million reports from more than 500 affected platforms within just a few hours, which was more than double its usual weekday average.

AWS engineers worked through the day to isolate the source of the issue and restore affected systems. To stabilize its network, Amazon temporarily limited some internal operations to prevent further cascading failures. By 11:00 p.m. BST, the company announced that all services had “returned to normal operations.”

Experts said the incident underlined the vulnerabilities of an increasingly centralized internet. Professor Alan Woodward of the University of Surrey explained that modern online systems are highly interdependent, meaning that an error within one major provider can ripple across numerous unrelated services. “Even small technical mistakes can trigger large-scale failures,” he said, pointing out how human or software missteps in one corner of the infrastructure can have global consequences.

Professor Mike Chapple from the University of Notre Dame compared the recovery process to restoring electricity after a large power outage. He said the system might “flicker” several times as engineers fix underlying causes and bring services gradually back online.

Industry observers say such incidents reflect a growing systemic risk within the cloud computing sector, which is dominated by a handful of major firms: Amazon, Microsoft, and Google collectively control nearly 70% of the market. Cori Crider, director of the Future of Technology Institute, described the current model as “unsustainable,” warning that heavy reliance on a few global companies poses economic and security risks for nations and organizations alike.

Other experts suggested that responsibility also lies with companies using these services. Ken Birman, a computer science professor at Cornell University, noted that many organizations fail to develop backup mechanisms to keep essential applications online during provider outages. “We already know how to build more resilient systems,” he said. “The challenge is that many businesses still rely entirely on their cloud providers instead of investing in redundancy.”

Although AWS has not released a detailed technical report yet, its preliminary statement confirmed that the outage originated from a DNS-related fault within its DynamoDB service. The incident, though resolved, highlights a growing concern within the cybersecurity community: as dependence on cloud computing deepens, so does the scale of disruption when a single provider experiences a failure.


CLOUD Act Extends US Jurisdiction Over Global Cloud Data Across Microsoft, Google, and Amazon

 

That Frankfurt data center storing your business files or the Singapore server holding your personal photos may not be as secure from U.S. oversight as you think. If the provider is Microsoft, Amazon, Google, or another U.S.-based tech giant, physical geography does little to shield information once American authorities seek access. The Clarifying Lawful Overseas Use of Data (CLOUD) Act, enacted in March 2018, gives U.S. law enforcement broad authority to demand data from American companies no matter where that information is located. Many organizations and individuals who once assumed that hosting data in Europe or Asia provided protection from U.S. jurisdiction now face an overlooked vulnerability.  

The law applies to every major cloud provider headquartered in the United States, including Microsoft, Amazon, Google, Apple, Meta, and Salesforce. This means data hosted in Microsoft’s European facilities, Google’s Asian networks, or Amazon’s servers in regions worldwide can be accessed through proper legal orders. An organization running Office 365 in London or an individual storing iCloud photos in Berlin could have their data obtained by U.S. investigators with little visibility into the process. Even companies promoting themselves as “foreign hosted” may not be immune if they have American subsidiaries or offices. Jurisdiction extends to entities connected to the United States, meaning that promises of sovereignty can be undercut by corporate structure. 

The framework obligates companies to comply quickly with data requests, leaving limited room for delay. Providers may challenge orders if they conflict with local privacy protections, but the proceedings typically occur without the knowledge of the customer whose data is involved. As a result, users may never know their information has been disclosed, since notification is not required. This dynamic has raised significant concerns about transparency, privacy, and the balance of international legal obligations. 

There are alternatives for those seeking stronger guarantees of independence. Providers such as Hetzner in Germany, OVHcloud in France, and Proton in Switzerland operate strictly under European laws and maintain distance from U.S. corporate ties. These companies cannot be compelled to share data with American authorities unless they enter into agreements that extend jurisdiction. However, relying on such providers can involve trade-offs, such as limited integration with mainstream platforms or reduced global reach. Some U.S. firms have responded by offering “sovereign cloud regions” managed locally, but questions remain about whether ultimate control still rests with the parent corporation and therefore remains vulnerable to U.S. legal demands. 

The implications are clear: the choice of cloud provider is not only a technical or financial decision but a geopolitical one. In a world where information represents both power and liability, each upload is effectively a decision about which country’s laws govern your digital life. For businesses and individuals alike, data location may matter less than corporate origin, and the CLOUD Act ensures that U.S. jurisdiction extends far beyond its borders.

Federal Judge Allows Amazon Alexa Users’ Privacy Lawsuit to Proceed Nationwide

 

A federal judge in Seattle has ruled that Amazon must face a nationwide lawsuit involving tens of millions of Alexa users. The case alleges that the company improperly recorded and stored private conversations without user consent. U.S. District Judge Robert Lasnik determined that Alexa owners met the legal requirements to pursue collective legal action for damages and an injunction to halt the alleged practices. 

The lawsuit claims Amazon violated Washington state law by failing to disclose that it retained and potentially used voice recordings for commercial purposes. Plaintiffs argue that Alexa was intentionally designed to secretly capture billions of private conversations, not just the voice commands directed at the device. According to their claim, these recordings may have been stored and repurposed without permission, raising serious privacy concerns.

Amazon strongly disputes the allegations. The company insists that Alexa includes multiple safeguards to prevent accidental activation and denies that evidence exists showing it recorded conversations belonging to any of the plaintiffs. Despite Amazon’s defense, Judge Lasnik stated that millions of users may have been impacted in a similar manner, allowing the case to move forward. Plaintiffs are also seeking an order requiring Amazon to delete any recordings and related data it may still hold.

The broader issue at stake in this case centers on privacy rights within the home. If proven, the claims suggest that sensitive conversations could have been intercepted and stored without explicit approval from users. Privacy experts caution that voice data, if mishandled or exposed, can lead to identity risks, unauthorized information sharing, and long-term security threats. Critics further argue that the lawsuit highlights the growing power imbalance between consumers and large technology companies.

Amazon has previously faced scrutiny over its corporate practices, including its environmental footprint. A 2023 report revealed that the company’s expanding data centers in Virginia would consume more energy than the entire city of Seattle, fueling additional criticism about the company’s long-term sustainability and accountability.

The case against Amazon underscores the increasing tension between technological convenience and personal privacy. As voice-activated assistants become commonplace in homes, courts will likely play a decisive role in determining the boundaries of data collection and consumer protection. The outcome of this lawsuit could set a precedent for how tech companies handle user data and whether customers can trust that private conversations remain private.

Amazon Accounts Targeted by New Phishing Scam — Here’s How to Stay Safe



A wave of phishing scams is currently targeting Amazon users, putting millions of accounts at risk. Criminals are sending fake emails and text messages that appear to come from Amazon, tricking users into clicking on links that lead to fraudulent login pages. If you enter your details on these fake pages, your account can be hijacked.

Amazon has confirmed that some of these phishing messages claim your Prime subscription is being renewed at a suspicious price. The messages often include personal information to make them look more believable. In some cases, users are sent text messages about fake refunds or order issues, further increasing the chances of someone falling for the scam.

Cybersecurity firm Guardio recently reported a dramatic rise in such attacks, noting a 5000% increase in fake Amazon texts over just two weeks. These messages aim to trick users into entering their Amazon credentials, which the attackers can then use to take over accounts.

While Amazon has removed tens of thousands of fake websites and phone numbers used in these scams, the attacks continue to spread. The U.S. Federal Trade Commission (FTC) has also issued warnings, reminding consumers that Amazon will never ask for sensitive information over email or text.

To help protect users, Amazon is urging everyone to update their security settings. Here’s what you should do right away:

1. Turn on Two-Step Verification (2SV)

This adds an extra layer of protection to your account. Once enabled, you’ll need both your password and a one-time code to sign in.

• Avoid using SMS for 2SV — it’s less secure.

• Instead, use an authentication app like Google Authenticator or Apple’s Passwords.

If you’ve already set up 2SV through SMS, switch to an app by turning off the current method, clearing your 2SV settings, and enabling it again using your preferred app.


2. Use a Passkey for Sign-In

Passkeys are a newer, more secure login method that links your Amazon account to your device’s fingerprint or face unlock feature. Unlike passwords, passkeys cannot be phished.

• Even if someone tricks you with a fake login page, they won’t be able to access your account without your physical device.

These two simple steps can greatly reduce your risk of being hacked. With phishing scams on the rise, now is the time to update your settings before it’s too late.

Amazon Customers Face Surge in Phishing Attacks Through Fake Emails and Texts

 

Cybercriminals are actively targeting Amazon users with a sharp increase in phishing scams, and the company is sounding the alarm. Fraudsters are sending deceptive emails that appear to originate from Amazon, prompting users to log in via a counterfeit Amazon webpage. Once a person enters their credentials, attackers steal the information to take over the account. The urgency to secure your Amazon account has never been greater.  

These scam emails often warn customers about unexpected Amazon Prime renewal charges. What makes them particularly dangerous is the use of stolen personal data to make the emails appear genuine. Amazon’s warning reached over 200 million users, emphasizing the widespread nature of this threat. 

Adding to the concern, cybersecurity firm Guardio reported a dramatic spike in a related scam—this time delivered through SMS. This variant claims to offer fake refunds, again luring users to a fraudulent Amazon login page. According to Guardio, these text-based scams have jumped by 5000% in just two weeks, showing how aggressively attackers are adapting their tactics. 

Amazon says it is actively fighting back, having removed 55,000 phishing websites and 12,000 scam phone numbers involved in impersonation schemes over the past year. Despite these efforts, scammers persist. To combat this, Amazon issued six practical tips for customers to recognize and avoid impersonation fraud.  

The U.S. Federal Trade Commission (FTC) has also issued alerts, noting that scammers are pretending to be Amazon representatives. These fake messages typically claim there’s a problem with a recent purchase. But there’s no refund or issue—just a trap designed to steal money or private data. 

To stay protected, Amazon strongly recommends two major security measures. First, enable two-step verification (2SV) via the “Login & Security” settings in your account. Avoid using SMS-based verification, which is more vulnerable. Instead, use a trusted authenticator app such as Google Authenticator or Apple’s Passwords. If you’ve already set up SMS verification, disable it and reset your 2SV preferences to switch to an app-based method. 

Second, add a passkey to your account. This provides a stronger layer of defense by linking your login to your device’s biometric or PIN-based security, making phishing attacks far less effective. Unlike traditional methods, passkeys cannot be intercepted through fake login pages. 

Cyberattacks are growing more sophisticated and aggressive. By updating your account with these safety tools today, you significantly reduce the risk of being compromised.

Brushing Scam Targets Amazon Customers with Unsolicited Packages and Hidden Cyber Threats

 

Ray Simmons was confused when he received an unexpected Amazon package containing beet chews. Initially, he thought it might be a joke from someone encouraging him to eat healthier. However, it turned out to be part of a broader scam known as “brushing,” where consumers receive unsolicited deliveries from online sellers attempting to manipulate product ratings and reviews. 

Brushing scams involve third-party sellers who send low-value goods to individuals whose names and addresses are often scraped from publicly available online sources. After the product is delivered, scammers use the recipient’s identity or create a fake account that resembles the recipient to leave positive reviews. These fake reviews can artificially boost a product’s credibility, helping it rank higher in search results and increasing sales. 

While receiving a free item might seem harmless, the scam carries hidden dangers. The U.S. Postal Inspection Service (USPIS) warns that these incidents indicate misuse of personal information. Even more concerning is the potential for packages to include QR codes, which might direct recipients to malicious websites. Scanning such codes can result in the installation of malware or the theft of personal data. 

The scam is a reminder that personal data is often accessible and can be exploited without a consumer’s knowledge. USPIS stresses the importance of not interacting with suspicious elements included in unsolicited packages. Inspector David Gealey noted that even though these items may appear insignificant, they are a signal that someone has unauthorized access to your personal information. 

Fortunately, the package Simmons received did not include a QR code. Nonetheless, he took immediate action by checking his Amazon and banking accounts for any signs of unauthorized access. This kind of vigilance is exactly what USPIS recommends for anyone in a similar situation. 

Authorities advise that recipients of such packages should not scan any QR codes or click on any related links. They also emphasize that there is no obligation to return unsolicited items. Instead, consumers should monitor their financial and e-commerce accounts for any suspicious activity and report the incident to local law enforcement, USPIS, or the Federal Trade Commission.  

Though brushing scams may appear to be minor nuisances, they reflect deeper issues related to data privacy and cyber fraud. Staying informed and cautious can help consumers protect themselves from further harm and support efforts to hold malicious actors accountable.

Over 21 Million Employee Screenshots Leaked from WorkComposer Surveillance App

An app designed to track employee productivity by logging keystrokes and taking screenshots has suffered a significant privacy breach as more than 21 million images of employee activity were left in an unsecured Amazon S3 bucket.

Researchers at Cybernews discovered the breach at WorkComposer, a workplace surveillance tool that monitors employee activity by tracking their digital presence. Although the company secured access after being informed by Cybernews, the data had already been exposed in real time to anyone with an internet connection, putting the sensitive work information of thousands of employees and companies online.

WorkComposer is an application used by more than 200,000 users in various organizations. It is designed to help those organizations monitor employee productivity by logging keystrokes, tracking how much time employees spend on each app, and capturing desktop screenshots every few minutes.

With millions of these screenshots leaked to the open web, a vast amount of sensitive data may be exposed: email captures, confidential business documents, internal chats, usernames and passwords, and API keys. This information could be misused to target companies, launch identity theft scams, hack employee accounts, and commit further breaches.

In addition, businesses that have been using WorkComposer could now be held accountable for violations of the EU GDPR (General Data Protection Regulation) or the US CCPA (California Consumer Privacy Act), besides other legal actions.

Since workers have no control over what tracking tools may capture in their workday, be it private chats, confidential projects, or even medical info, there’s already an iffy ethical territory around tracking tools and a serious privacy violation if the screenshots are leaked.

The WorkComposer incident is not the first of its kind. Cybernews has previously reported a leak from WebWork, another workplace tracking tool, which experienced a breach of 13 million screenshots.