Quote:A confidential memo from inside Amazon explained that customer service credential abuse and data theft was on the rise, according to Motherboard which reviewed the document. Keystroke monitoring would be a way for the company to verify the identity of who was accessing data.
 
“We have a security gap as we don’t have a reliable mechanism for verifying that users are who they claim they are,” the document reportedly said.
 
Amazon’s memo added that outsourced employees working from home in countries like India and the Philippines, where most of these security incidents occur, has created a “high data-exfiltration risk,” according to Motherboard.
 
Roommates of legitimate customer service reps curious to look up what famous people purchased from Amazon; hackers purchasing customer-service credentials; even the use of a USB Rubber Ducky to rapidly input keystrokes to gain access to systems, are all ways that attackers have abused Amazon data, according to the report.
 
The company added that it’s considering using a company called BehavioSec, which uses the aggregate data of a user’s mouse clicks and keystrokes to develop a profile of their typical behavior. Once that baseline of typical behavior is established, the BehavioSec tool will identify when someone’s activity is unusual. But based on Motherboard’s reporting, Amazon doesn’t seem to have settled on a final plan.
 
“We are considering an option that will include capturing all keystrokes and with this functionality turned on, we may not be able to deploy the off-the-shelf solution,” the company said.