Verify a decision

{"actor":"system:backfill","investigation_id":"8b30f4bf-6cf5-4ebe-9a2d-168e5d641f39","kind":"publish","page_slug":"amazon-web-services","published_at":"2026-05-14T06:03:12.783Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"Amazon Web Services","sections":[{"content":"AWS has experienced numerous significant outages that have disrupted major internet services. <cite index=\"3-11,6-8\">Monday's problems at Amazon Web Services spawned 11 million total outage reports, with the outage affecting 113 services</cite>. The most recent major incident occurred in <cite index=\"3-19,6-3\">October 2025, when the outage started Monday morning in Northern Virginia, home to AWS' oldest and biggest cloud computing hub in the U.S. The problem started after a technical update to the API of DynamoDB, a key cloud database service</cite>. <cite index=\"3-14,3-15\">[The] outage reveals the vulnerabilities of a system where a small number of companies provide such a large chunk of the internet's backbone. \"[The] outage is a stark reminder of the massive 'concentration risk' the global economy has accepted by building on a handful of cloud providers,\" Dave McCarthy, who leads global research for cloud services at the International Data Corporation, told CBS News</cite>. Historical outages include incidents in <cite index=\"1-6\">2021, 2020, 2019, 2017, and dating back to 2011</cite>.","heading":"Service Reliability and Outages","severity":"medium","sources":[{"credibility":1,"name":"CBS News - AWS outage reveals fragility of cloud services","type":"news_article","url":"https://www.cbsnews.com/news/aws-amazon-web-services-outage-fragility-cloud-services/"},{"credibility":1,"name":"Al Jazeera - What caused Amazon's AWS outage","type":"news_article","url":"https://www.aljazeera.com/news/2025/10/21/what-caused-amazons-aws-outage-and-why-did-so-many-major-apps-go-offline"}]},{"content":"Recent reports have highlighted concerns about AWS's internal AI tools causing service disruptions. <cite index=\"4-9,9-1\">According to a report from the Financial Times, several anonymous Amazon employees said that the outage was the fault of Kiro, Amazon's AI coding assistant. In one incident in December, engineers at Amazon Web Services allowed its in-house Kiro \"agentic\" coding tool to make changes that sparked a 13-hour disruption</cite>. However, <cite index=\"4-18,9-4\">Amazon issued a statement claiming the issue was the result of \"specifically misconfigured access controls—not AI as the story claims.\" \"In both instances, this was user error, not AI error,\" Amazon insisted</cite>. <cite index=\"8-14,8-15\">Internal memos reveal the recent incidents were tied to \"GenAI-assisted changes.\" Another memo shows these AI-assisted coding errors have been creating problems for Amazon as far back as Q3 2025, with GenAI tools used to supplement or speed up production changes \"leading to unsafe practices\"</cite>.","heading":"AI-Related Incidents","severity":"medium","sources":[{"credibility":2,"name":"Gizmodo - Amazon Reportedly Pins the Blame for AI-Caused Outage on Humans","type":"news_article","url":"https://gizmodo.com/amazon-reportedly-pins-the-blame-for-ai-caused-outage-on-humans-2000724681"},{"credibility":2,"name":"Futurism - Amazon's Blundering AI Caused Multiple AWS Outages","type":"news_article","url":"https://futurism.com/artificial-intelligence/amazon-ai-aws-outages"}]},{"content":"While AWS itself has not been directly breached, several high-profile incidents have involved AWS customers experiencing data exposure due to misconfigurations. <cite index=\"12-13,12-16\">In October 2021, Twitch, an Amazon-owned streaming platform, suffered a massive data leak exposing 125GB of sensitive information. In May 2022, Pegasus Airlines suffered a data breach due to a misconfigured AWS S3 bucket</cite>. The most notable incident involved <cite index=\"13-5,13-6\">Capital One in July 2019, when its server was hacked by a former Amazon employee. In total, over 100 million customers were impacted, exposing sensitive personal information like Social Security Numbers, bank account numbers, credit card transaction records, credit scores, and more</cite>. <cite index=\"13-17\">The Office of the Comptroller of Currency fined Capital One for $80 million, and the company paid out an additional $190 million settlement in a class action lawsuit</cite>. <cite index=\"15-4,15-5\">Another incident involved marketing firm Alteryx, which left information on more than 120 million US households exposed due to a misconfigured Amazon Web Services S3 Bucket</cite>.","heading":"Data Security and Customer Breaches","severity":"high","sources":[{"credibility":2,"name":"BlackFog - AWS Data Breach: Lesson From 4 High Profile Breaches","type":"research","url":"https://www.blackfog.com/aws-data-breach/"},{"credibility":2,"name":"Firewall Times - Amazon Web Services Data Breaches: Full Timeline Through 2023","type":"research","url":"https://firewalltimes.com/amazon-web-services-data-breach-timeline/"}]},{"content":"AWS faces ongoing litigation related to privacy and biometric data collection. <cite index=\"21-2,21-3\">A federal judge in Washington denied Amazon's motion to dismiss a proposed class action lawsuit alleging that the company violated California's wiretapping law. The lawsuit claims that Amazon Web Services was capable of accessing and potentially using call data from customer service interactions between Capital One and its customers</cite>. Additionally, <cite index=\"27-7,27-16\">multiple class action complaints have been filed against AWS alleging violations of the Biometric Information Privacy Act (BIPA), related to voice authentication and fraud detection technology</cite>. The cases allege AWS violated BIPA by <cite index=\"27-28,27-30\">possessing biometric information without creating written policies, failing to inform callers that their biometric information is being collected, and profiting from possession of biometric information</cite>.","heading":"Legal and Privacy Challenges","severity":"medium","sources":[{"credibility":2,"name":"CommLaw Group - Court Ruling on Amazon's Alleged Wiretapping Violations","type":"news_article","url":"https://commlawgroup.com/2024/court-ruling-on-amazons-alleged-wiretapping-violations/"},{"credibility":1,"name":"vLex - McGoveran v. Amazon Web Services case documents","type":"court_filing","url":"https://case-law.vlex.com/vid/mcgoveran-v-amazon-web-895430038"}]},{"content":"Despite incidents, AWS maintains extensive security measures and compliance programs. <cite index=\"24-18,24-19\">AWS is architected to be the most secure global cloud infrastructure on which to build, migrate, and manage applications and workloads. AWS has designed products and services that make sure that no one—not even AWS operators—can access customer content</cite>. <cite index=\"30-8,30-9\">The AWS Compliance Program helps customers to understand the robust controls in place at AWS to maintain security and compliance of the cloud. By tying together governance-focused, audit-friendly service features with applicable compliance or audit standards, AWS Compliance Enablers build on traditional programs</cite>. However, <cite index=\"15-19,15-20\">securing data stored in the cloud follows a shared responsibility model where securing data stored in the cloud is not something that the service provider or the company employing the service can accomplish alone</cite>.","heading":"Security Infrastructure","severity":"low","sources":[{"credibility":1,"name":"AWS - Clarifying Lawful Overseas Use of Data (CLOUD) Act","type":"official","url":"https://aws.amazon.com/compliance/cloud-act/"},{"credibility":1,"name":"AWS - Compliance Programs","type":"official","url":"https://aws.amazon.com/compliance/programs/"}]}],"sources_used":[{"credibility":1,"name":"CBS News - AWS outage reveals fragility of cloud services","type":"news_article","url":"https://www.cbsnews.com/news/aws-amazon-web-services-outage-fragility-cloud-services/"},{"credibility":1,"name":"Al Jazeera - What caused Amazon's AWS outage","type":"news_article","url":"https://www.aljazeera.com/news/2025/10/21/what-caused-amazons-aws-outage-and-why-did-so-many-major-apps-go-offline"},{"credibility":2,"name":"Gizmodo - Amazon Reportedly Pins the Blame for AI-Caused Outage on Humans","type":"news_article","url":"https://gizmodo.com/amazon-reportedly-pins-the-blame-for-ai-caused-outage-on-humans-2000724681"},{"credibility":2,"name":"BlackFog - AWS Data Breach: Lesson From 4 High Profile Breaches","type":"research","url":"https://www.blackfog.com/aws-data-breach/"},{"credibility":2,"name":"CommLaw Group - Court Ruling on Amazon's Alleged Wiretapping Violations","type":"news_article","url":"https://commlawgroup.com/2024/court-ruling-on-amazons-alleged-wiretapping-violations/"},{"credibility":1,"name":"AWS - Compliance Programs","type":"official","url":"https://aws.amazon.com/compliance/programs/"}],"summary":"Amazon Web Services is a leading cloud computing platform that controls 38% of the cloud infrastructure market. While generally reliable and secure, AWS has experienced multiple significant outages and faces ongoing privacy lawsuits, though no major regulatory sanctions have been identified in recent searches.","timeline":[{"date":"2019-07-01","event":"Capital One data breach affecting 100+ million customers by former AWS employee","source":"Firewall Times","source_url":"https://firewalltimes.com/amazon-web-services-data-breach-timeline/"},{"date":"2021-10-01","event":"Twitch data breach exposes 125GB of sensitive information","source":"BlackFog","source_url":"https://www.blackfog.com/aws-data-breach/"},{"date":"2022-05-01","event":"Pegasus Airlines breach due to misconfigured S3 bucket exposes 6.5TB of data","source":"BlackFog","source_url":"https://www.blackfog.com/aws-data-breach/"},{"date":"2024-07-01","event":"Federal judge denies AWS motion to dismiss wiretapping lawsuit","source":"CommLaw Group","source_url":"https://commlawgroup.com/2024/court-ruling-on-amazons-alleged-wiretapping-violations/"},{"date":"2025-10-20","event":"Major AWS outage affecting 113 services and generating 11 million outage reports","source":"CBS News","source_url":"https://www.cbsnews.com/news/aws-amazon-web-services-outage-fragility-cloud-services/"},{"date":"2025-12-01","event":"AI coding assistant Kiro allegedly causes 13-hour service disruption","source":"Gizmodo","source_url":"https://gizmodo.com/amazon-reportedly-pins-the-blame-for-ai-caused-outage-on-humans-2000724681"}]},"v":1}