You may not realize this, but Amazon is more than just the world’s largest e-tailer and distributor of popular products like the Fire TV streaming stick and Echo talking speakers.
Via its Amazon Web Services division, the company provides the data backbone for industry (Avis, Samsung, GE), the government (Department of Defense, NASA, the state of Arizona), financial institutions (Liberty Mutual and Capital One) and more.
So when Capital One disclosed this week that its servers had been hacked by a former Amazon employee affecting more than 100 million customers and compromising information such as Social Security numbers, credit scores and credit card transaction data, attention turned to Amazon.
What do I do now? 3 ways to protect your info after Capital One breach
Behind the hack: Seattle woman charged in Capital One breach may have data from other companies
What was Amazon’s role?
Amazon, after all, provided the backup for Capital One, a fact the bank giant touted on the Amazon AWS website. Via AWS, “Capital One turns data into insights through machine learning, allowing the company to quickly innovate on behalf of its customers,” Amazon says on the AWS website.
Capital One was hacked big time, blaming the breach on a “firewall misconfiguration.”
But Amazon says it is not responsible.
“AWS was not compromised in any way and functioned as designed,” the company said in a statement. “The perpetrator gained access through a misconfiguration of the web application and not the underlying cloud-based infrastructure. As Capital One explained clearly in its disclosure, this type of vulnerability is not specific to the cloud.”
Emmanuel Schalit is an AWS customer. As the CEO of Dashlane, a password manager, he has his customers’ data backed up and stored in Amazon clouds, and he’s not concerned.
It is not the responsibility of a cloud provider like Amazon, Google or Microsoft to “secure what we built, it’s ours,” he says. “We build our security on top of theirs, and AWS is probably the best in security now.” What happened “doesn’t diminish our level of trust in AWS.”
Mark McCreary, chief privacy officer for Philadelphia-based law firm Fox Rothschild, which also uses AWS, agrees. “You need to configure the security correctly. Somebody made a mistake. This is not Amazon’s fault.”
What’s a consumer to do?
Beyond freezing your credit card and changing your passwords, there’s not much else you can do, says Brian Krebs, who runs the Krebsonsecurity.com blog.
“This is kind of out of their hands,” he says. “They can ask questions about their data, but they probably won’t get answered.”
He says there are breaches every day with our data, “and there needs to be more accountability when they screw up like this in a big way. That’s the only thing that will drive change.”
Amazon dominates the cloud computing segment in much of the same way as it overpowers e-commerce. The company has a 47.8% market share, according to market tracker Gartner, followed by 15.5% for Microsoft, 7.7% for China’s Alibaba, 4% for Google and 1.8% for IBM.
Other companies that work with AWS include Zynga, Unilever, Pfizer, GE, Brooks Brothers, Lululemon, Hyundai, Sony and Vodafone.
Associated Press contributed to this story.
Follow USA TODAY’s Jefferson Graham (@jeffersongraham) on Twitter