Amazon list of usernames and passwords posted for free#
Third-parties might post a picture of the product in a Facebook or WeChat group, asking for reviews in return for free products.
The server could be owned by a third party that reaches out to potential reviewers on behalf of the vendors. Given the extent of the records and vendors included in the database, it’s possible that the server is not owned by the Amazon vendors running the scam. Nonetheless, the server was secured a few days later, making it inaccessible to outside parties. As a result, we could not notify the company in question regarding this security issue. We were unable to identify the owner of the ElasticSearch server. We monitored the status of the open ElasticSearch server over the following days, and on March 6th, 2021, the unclaimed database was secured. The SafetyDetectives cybersecurity team discovered the breach on March 1st, 2021. *Records that were unrelated to messages between vendors and reviewers were written in Chinese, which is why we assume the owners of the server were located in China. This makes the five-star review look legitimate, so as not to arouse suspicion from Amazon moderators. The refund for any purchased goods is actioned through PayPal and not directly through Amazon’s platform. Once the Amazon vendor confirms all reviews have been completed, the reviewer will receive a refund through PayPal, keeping the items they bought for free as a form of payment.
Upon completion, the provider of the fake review will send a message to the vendor containing a link to their Amazon profile, along with their PayPal details. The people providing the ‘fake reviews’ will then buy the products, leaving a 5-star review on Amazon a few days after receiving their merchandise. These Amazon vendors send to reviewers a list of items/products for which they would like a 5-star review. The information found on the open ElasticSearch server outlines a common procedure by which Amazon vendors procure ‘fake reviews’ for their products. While it is unclear who owns the database, the breach demonstrates the inner workings of a prevalent issue affecting the online retail industry. In total, 13,124,962 of these records (or 7 GB of data) have been exposed in the breach, potentially implicating more than 200,000 people in unethical activities. The server contained a treasure trove of direct messages between Amazon vendors and customers willing to provide fake reviews in exchange for free products. The SafetyDetectives cybersecurity team uncovered an open ElasticSearch database exposing an organized fake reviews scam affecting Amazon.
0 kommentar(er)
