Around 100 Amazon merchants were victim to a six-month hack in 2018, according to Bloomberg, which said an “extensive” fraud let thieves steal cash from the merchants’ accounts.
But rather than its own system being hacked, Amazon believes the merchants were tricked into handing over login information for their accounts. Given the sophistication of today’s phishing emails that take advantage of pieces of information about individuals available from past breaches of various companies, it’s easy to see how anyone could be tricked.
Amazon sellers’ money was siphoned to fraudsters’ own accounts, Bloomberg reported, and it said Amazon lawyers asked permission to access the bank statements of the alleged fraudsters.
It seems that would be a job for law enforcement, but Amazon fraud may not be a priority for such agencies. It certainly seems Amazon believes it can’t rely on law enforcement alone. Should fraud investigators at private companies be allowed to search individuals’ bank records, even those belonging to suspected fraudsters?
Sellers aren’t the only ones who are vulnerable to “hacks.” We recently published a letter from a reader who said their eBay buying account was taken over and used to start selling items, with payments funneled to the hacker’s PayPal account they had associated with the reader’s eBay account.
What made the Amazon UK cases so lucrative for fraudsters was that they were reportedly able to siphon funds from working capital loans Amazon had provided to the sellers. Keep in mind the document Bloomberg examined is not a full accounting of all fraudulent activity related to Amazon’s marketplace.