The breach was apparently carried out in early May 2018, when Bezos received an unsolicited message from the crown prince — or an entity in control of his WhatsApp account. That message allegedly contained a video file that forensic analysis later concluded was highly likely to contain malware that allowed “large amounts of data” to be surreptitiously removed from the Amazon founder’s phone. For now, though, most of the case’s finer details remain unknown.
For example, The Guardian has not identified the party that carried out that forensic analysis. While today’s report suggests a significant amount of personal data was ferried off of Bezos’ phone as a result of the hack, there is no clear sense of what kind of data was ultimately collected. It’s also unclear at this point what role — if any — the crown prince himself played in the dissemination of malware. The Guardian report specifically notes that the malicious file originated from a number used by Mohammed bin Salman but stops short of directly implicating the 34-year-old Saudi royal.
If true, the attack represents a particularly brazen attempt on the part of the Saudi government to gain leverage over the world’s richest man. It also raises serious questions about what that data might have been used for immediately after the attack took place. Five months after that message was sent from MBS’s WhatsApp account, Jamal Khashoggi, a Washington Post columnist and vocal critic of the Saudi government, was murdered in Istanbul. And just months after that, text messages and images Bezos sent to his mistress, former television anchor Lauren Sanchez, were published by the National Enquirer.
The Guardian report notes that Bezos and the crown prince had been enjoying an apparently innocuous WhatsApp conversation prior to the file being sent, which comes as little surprise since the royal figure has long cultivated relationships with the Silicon Valley elite. Beyond that, Bezos had a vested interest in maintaining a friendly relationship with the Saudi government. As recently as early 2019, Amazon planned to expand its e-commerce reach into Saudi Arabia and the UAE, and the company considered opening AWS data centers in the Crown kingdom. Even now, Amazon has 22 open job listings in Saudi Arabia, most in the capital city of Riyadh.
However, Khashoggi’s assassination and the Bezos data leak quickly caused whatever relationship existed between Amazon and the Saudi government to deteriorate. And while today’s report shines more light on the mechanics of Saudi cyber-operations, Amazon — and Bezos — had long suspected the kingdom’s involvement in a data breach. In March 2019, following the public airing of Bezos’s extramarital affair, Amazon head of security Gavin de Becker wrote in a piece published by the Daily Beast that “our investigators and several experts concluded with high confidence that the Saudis had access to Bezos’ phone, and gained private information.”