Senators Ron Wyden (D-OR) and Elizabeth Warren (D-MA) are urging FTC Chairman Joseph Simons to open an investigation into whether Amazon violated federal law by failing to the prevent Capital One’s devastating data breach. They contend that Amazon was aware of the dangers of a Server-Side Request Forgery flaw – the type security vulnerability that lead to the breach – as far back as 2014.
Amazon dismissed the importance of the SSRF issue in Capital One’s breach, saying that “was just one of many subsequent steps the perpetrator followed after gaining access to the company’s systems, and could have been substituted for a number of other methods.” They indicate that errors on the part of Capital One led to the breach, which exposed more than 106 million customer financial records, including credit card applications, dating back to 2005.
