Anyone can access portions of a web portal, used by law enforcement to request customer data from Amazon, even though the portal is supposed to require a supported email address and password.
Amazon’s law enforcement request portal allows police and federal agents to submit formal requests for customer data together with a legal order, like a subpoena, a search warrant, or a court order. The portal is publicly accessible from the internet, but law enforcement agencies must register an account with the site in order to allow Amazon to “authenticate” the requesting officer’s credentials before they can submit requests.
Only time-sensitive emergency requests can be submitted without an account, but this requires the user to “declare and acknowledge” that they are an authorized law enforcement officer before they can submit a request.
The portal does not display customer data or allow access to existing law enforcement requests. But parts of the website still load without needing to log in, including its dashboard and the “standard” request form used by law enforcement to request customer data.
The portal provides a rare glimpse into how Amazon handles law enforcement requests.
This form allows law enforcement to request customer data using a wide variety of data points, including Amazon order numbers, serial numbers of Amazon Echo and Fire devices, credit card details and bank account numbers, gift cards, delivery and shipping numbers, and even the Social Security number of delivery drivers.
It also allows law enforcement to obtain records related to Amazon Web Services accounts by submitting domain names or IP addresses related to the request.
Assuming this was a bug, we sent Amazon several emails prior to publication but did not hear back.
Amazon is not the only tech company with a portal for law enforcement requests. Many of the bigger tech companies with millions or even billions of users around the world, like Google and Twitter, have built portals to allow law enforcement to request customer and user data.
Motherboard reported a similar issue earlier this month that allowed anyone with an email address to access law enforcement portals set up by Facebook and WhatsApp.