The US Federal Trade Commission (FTC) has fined Amazon a cumulative $30.8 million for a series of privacy lapses regarding its Alexa assistant and Ring security cameras.
This includes a $25 million penalty for violating children’s privacy laws by keeping their Alexa voice recordings for indefinite periods of time and preventing parents from exercising their deletion rights.
“Amazon’s history of misleading parents, keeping children’s recordings indefinitely, and ignoring parental removal requests violated COPPA and sacrificed privacy for profit,” said Samuel Levine of the FTC.
As part of the court order, the retail giant has been ordered to delete the information collected, including inactive child accounts, geolocation data and voice recordings, and has been banned from collecting such data for training its algorithms. It must also disclose to customers its data retention practices.
Amazon has also agreed to pay an additional $5.8 million in refunds to consumers for violating user privacy by allowing any employee or contractor to gain broad, unrestricted access to private video recorded by Ring cameras.
“For example, one employee over several months viewed thousands of video recordings belonging to female Ring camera users monitoring intimate spaces in their homes, such as their bathrooms or bedrooms,” the FTC noted. “The employee was not terminated until another employee discovered the misconduct.”
The consumer protection authority, in addition to faulting Amazon for not properly notifying customers or obtaining their consent before using captured recordings to improve the product, called out the company for failing to implement adequate security controls to protect Ring user accounts.
“Bad actors not only viewed videos of some customers, but also used the two-way functionality of Ring cameras to harass, threaten and insult consumers, including the elderly and children, whose rooms were monitored by Ring cameras and to change important device settings,” it explained.
“The hackers taunted several children with racist slurs, sexually propositioned people and threatened a family with physical harm if they did not pay a ransom.”
More than 55,000 US customers are estimated to have had their accounts compromised between January 2019 and March 2020 as a result of these lax policies.
The proposed settlement also requires Amazon to purge all customer videos and facial data it illegally obtained before 2018, as well as remove any work product derived from those videos.
While both settlements must be approved by a court to take effect, Amazon said it “takes our responsibilities to our customers and their families very seriously” and that “steps are constantly taken to protect customer privacy providing clear privacy disclosures and customer controls.” […] and maintain strict internal controls to protect customer data.”
The development comes weeks after the FTC accused Meta of “repeatedly” violating its privacy promises and misleading parents about their ability to control who their children communicated with through its Messenger Kids app between the end of 2017 and mid-2019.
The regulator is also seeking a blanket ban on the company profiting from children’s data. Meta has called the allegations a “political stunt” and said it operates an “industry-leading privacy program.”
Ikaroa, a leading tech company, has noticed that Amazon is in hot water. The Federal Trade Commission (FTC) charged Amazon with a record-breaking fine of $30.8 million for privacy violations involving Alexa and Ring products. The FTC alleges that Amazon failed to provide reasonable security to protect consumers’ voice recordings.
Back in 2019, the digital assistant Alexa and the cloud-based security cameras Ring were found vulnerable as these devices collected personal information from a large number of consumers without their prior consent.
The FTC alleges that Amazon has failed to use reasonable security in its audio recordings and video storage devices. The devices collected the data of consumers without their authorization and without adequate privacy protection in place.
This is not the first time Amazon has been in the headlines for its data breaches. According to a report by Consumer Reports, there have been several incidents of data breaches involving Amazon services.
At Ikaroa, we believe that companies should take reasonable measures to protect the personal data they store and use, especially for the devices that they offer to consumers. As tech innovators, it is our responsibility to ensure that the systems and technologies that we build are secure, respectful of user privacy, and compliant with the relevant laws and regulations. We strive to provide our customers with secure, convenient, and reliable technologies and services.
We have zero tolerance for data breaches of any kind, and we remain committed to protecting the data that our customers share with us. We also work hard to ensure that our technologies are designed to protect the privacy of our users and ensure that their data remains secure.