By Robert McMillan

A Democratic senator is pressing Amazon.com Inc. for answers on its cloud-computing technology at the heart of the Capital One hack, one of the biggest-ever bank-data thefts.

Sen. Ron Wyden (D., Ore.) on Monday sent a letter to Chief Executive Jeff Bezos requesting details about the security of Amazon's cloud service, which stored the 106 million Capital One Financial Corp. credit-card records allegedly stolen by an accused hacker.

Capital One blamed the incident on "a specific configuration vulnerability" in the way it uses Amazon's cloud. The Wall Street Journal reported Sunday how the accused hacker, Paige A. Thompson, was allegedly able to find an opening in Capital One's systems and exploit a weakness in some misconfigured networks that cloud-security experts have warned about for years

Mr. Wyden's letter, dated Monday and reviewed by the Journal, seeks to better understand how these configuration errors happen and what Amazon is doing to protect its customers from them. The Journal reported that more than 800 Amazon users were found vulnerable to a similar configuration error, according to a partial scan of cloud users, conducted in February by a security researcher.

"When a major corporation loses data on a hundred million Americans because of a configuration error, attention naturally focuses on that corporation's cybersecurity practices," the letter stated. "However, if several organizations all make similar configuration errors, it is time to ask whether the underlying technology needs to be made safer, and whether the company that makes it shares responsibility for the breaches."

Sen. Wyden asked Mr. Bezos to send answers to his questions by Aug. 13.

Amazon representatives didn't immediately respond to requests for comment. Amazon has said that its cloud products weren't the cause of the breach and that it provides tools to alert customers when data is being improperly accessed.

Capital One declined to comment.

The letter also cites a since-deleted Twitter message last week from a senior security engineer at Netflix Inc. saying the video-streaming service has sought increased security measures from Amazon to protect itself against the configuration error. "Unfortunately we didn't get a satisfactory response," the engineer said, according to a copy of the tweet viewed by the Journal.

A Netflix spokeswoman said the company's engineer was asked to remove his tweet because it doesn't reflect the company's views. Netflix has no technical issues with Amazon, she said.

Netflix, like Capital One, is a marquee customer for Amazon's cloud business and is listed as a case study of how to use the cloud on Amazon's website. Cloud computing is a big profit driver for Amazon, which commanded nearly half of the public cloud market in 2018, according to Gartner.

Sen. Wyden is starting this inquiry as "part of his ongoing privacy and cybersecurity oversight work," and not in conjunction with a committee investigation, a Wyden aide said.

Write to Robert McMillan at Robert.Mcmillan@wsj.com

(END) Dow Jones Newswires

August 05, 2019 16:47 ET (20:47 GMT)

Copyright (c) 2019 Dow Jones & Company, Inc.
Capital One Financial (NYSE:COF)
Historical Stock Chart
From Jun 2024 to Jul 2024 Click Here for more Capital One Financial Charts.
Capital One Financial (NYSE:COF)
Historical Stock Chart
From Jul 2023 to Jul 2024 Click Here for more Capital One Financial Charts.