Amazon echo

Earlier this month, there was a report that outlined how some Amazon employees have access to listen in on Alexa requests doled out by customers out in the real world. Now, a follow-up report suggests that available information for those employees could include home addresses.

Bloomberg reports this week that it has learned those Amazon employees can learn the latitude and longitude of a customer. This makes it easy to determine the user’s home address. All the Amazon employee needs to do, according to people familiar with the matter, is type in the geographic coordinates in a third-party mapping service.

“Team members with access to Alexa users’ geographic coordinates can easily type them into third-party mapping software and find home residences, according to the employees, who signed nondisclosure agreements barring them from speaking publicly about the program.

While there’s no indication Amazon employees with access to the data have attempted to track down individual users, two members of the Alexa team expressed concern to Bloomberg that Amazon was granting unnecessarily broad access to customer data that would make it easy to identify a device’s owner.”

The publication saw it in action. One of the team members took the geographic coordinates, which are stored on Amazon’s servers, and input them in Google Maps. It didn’t take long at all for the service to pull up the physical home address where Alexa was utilized. And in Amazon’s goal to improve Alexa, some of the employees have access to customer work and home phone numbers, addresses, and even their contacts list if they’ve decided to share it.

Amazon did offer a comment on this new story, saying that access is “highly controlled”, and is only granted to a limited number of employees:

“In a new statement responding to this story, Amazon said “access to internal tools is highly controlled, and is only granted to a limited number of employees who require these tools to train and improve the service by processing an extremely small sample of interactions. Our policies strictly prohibit employee access to or use of customer data for any other reason, and we have a zero tolerance policy for abuse of our systems. We regularly audit employee access to internal tools and limit access whenever and wherever possible.”

The previous story depicted a relatively small team, albeit spread across the globe, that has access to voice recordings of customers calling upon Alexa on their smart devices. In that original report, it was revealed that some employees would even share those recorded commands and share them between one another at work.

Our Take

Amazon made changes to what its employees on this team had access to, including removing some software tools from access altogether. And while it’s good that these access points for information are “highly controlled”, it still doesn’t sound great that any Amazon employee has access to this kind of information.

[via Bloomberg]