[vineyardmike]

> Another possibilty is that overseas contractors for AWS regularly harvest email addresses from the support UI and spam them.

If this was a practice that was possible and occurring then I suspect we'd have heard of many more cases by now. Most big companies don't use contractors for work that gives them access to customer data like that, and most don't just allow anyone easy access to raw customer data without a paper trail and reason.

[Nextgrid]

> Most big companies don't use contractors for work that gives them access to customer data like that

[citation needed]

Okta is a recent counter-example.

[izzygonzalez]

What big companies are you referring to? Protecting data takes effort, so by virtue of that, intent is a necessary precondition.

Most companies probably don't take care of these things at the rate or level you seem to be assuming that they do.

[sam0x17]

At a previous company AWS was a customer, and I can tell you from the corporate training resources I've seen, they have huge populations of support engineers in countries like India, who are contractors.

[simplyinfinity]

You would think.. But Epam is a contractor for one of the clouds and has access to client data. Another few (contractor/outsourcing ) companies i know of have access to all their customer's customer data.

[aaaaaaaaata]

Dell, too