Amazon merchants experience massive data breach and extortion

On May 8, it was reported e-commerce giant Amazon was a victim of an “extensive” data breach. The corporation admitted hackers penetrated its cybersecurity to access around 100 merchant accounts. After perpetrating their unauthorized entry, the criminal operators siphoned user loans and profits into their own accounts.

The firm revealed the breach happened between May and October 2018 but did not disclose how much money was stolen. Earlier this month, Amazon boasted it dispersed more than $1 billion to small businesses last year.

Brought to Light

The hack became public after Bloomberg obtained documents related to a legal filing the firm made in the United Kingdom. Amazon asked the court to allow it to search financial records maintained by British financial institutions Barclays and Prepay to further its fraud investigation. The world’s largest online retailer said it wanted to review the records to find the rogue programmers, recover the stolen funds, and prevent similar hacks in the future.


Amazon’s November 2018 filings indicate the company believes phishing techniques were used to give hackers access to the affected merchant accounts. The tech giant told Bloomberg it had concluded its investigation into the six-month-long fraud scheme. However, it declined to offer more details on the inquiry’s outcome.

Barclays and Prepay declined to comment on the cyber fraud incident.

How Secure is Amazon?

As Earth’s biggest digital marketplace, Amazon success has been predicated on two factors. One, the firm’s ability to deliver a staggering array of goods to consumers located across the world. Two, the company has dedicated significant resources to normalizing internet-based commerce. But the tech industry monolith’s cybersecurity is not impenetrable.

Hackers previously victimized Amazon’s merchants in a serious cyber fraud incident that took place in 2017. Two years ago, criminal operators hacked seller accounts to steal hundreds of thousands of dollars.

Cybercriminals also took over the company’s merchant accounts to pull off false listings scams. The fraudsters created listings for low-priced goods with protracted delivery dates. The thieves pocketed customer payments and left the real sellers with swathes of chargebacks.

In November 2018, Amazon announced a “technical glitch” exposed a number of its customers’ names and email addresses. The firm didn’t disclose how many of its users were affected by the data leak. At the time of the breach, the corporation had an active customer base of more than 310 million.

Amazon’s Web Service (AWS) cloud storage business has also repeatedly suffered major data breaches. Last year, Tesla’s web storage account was hacked and some of its proprietary data exposed. In 2016, Uber suffered an AWS breach that affected 57 million of its users. Most devastatingly, Facebook had 540 million of its records exposed due to a data leak in two AWS servers.

While no system can be 100 percent secure, Amazon’s massive spate of data breaches is alarming. A platform of its size owes it to its massive customer base to secure their funds and private data. Hopefully, the Silicon Valley titan will invest more of the $241 billion it made in 2018 to bolster its cybersecurity.

Facebook Comments