AuctionBytes Blog
Covering auctions, collectibles and marketplace selling.

AuctionBytes Blog The AuctionBytes Blog has been giving a voice to online merchants since its launch in 2005. Named one of the world's top 30 blogs in 2008 by "Blogging Heroes." Weigh in with your thoughts on the joys and pitfalls of selling online.
Fri Mar 1 2019 18:16:30

Amazon Exposes Email Addresses of Some SFP Sellers

By: Ina Steiner

Sponsored Link

Amazon sent a report on Thursday to some of its sellers who use Seller Fulfilled Prime (SFP) containing the email addresses of all of the sellers in the report, rather than sending custom reports to each seller.

Sellers are referring to this as a data breach, though it's unrelated to hacking. We asked Amazon yesterday if it was due to a glitch or human error. We've also asked Amazon what it was doing to notify sellers, and what actions it advises sellers take, if any, as a result of the incident. As of this writing, we have not received a reply. (See update below.)

The report detailed refunds for orders shipped through Seller Fulfilled Prime covering a 2-week period ending February 23, 2019.

Amazon sends these reports to sellers to allow them to track refunds it processes on their behalf.

Yesterday's incident does not appear to be nearly so egregious as a reported breach from last year in which Amazon notified sellers it had "inadvertently disclosed" their name and email address, which may or not have been related to an alleged incident in which some Amazon employees had reportedly been bribed to access company data on behalf of disreputable merchants.

Seller email addresses have value but are not as sensitive as other types of identifying information, but one seller feared the incident could be used by scammers to send phishing emails. Another seller wondered if any unscrupulous recipients of the report might publish or try to sell the data, saying a list of Amazon SFP sellers has value to spam marketers.

Some email addresses are fairly generic - for example, gmail accounts. But those sellers who use an email address with the name of business might be upset that potential rivals could see how many returns they had during the 2 week period, along with the value of those orders - which they could possibly use to extrapolate sales data.

The biggest takeaway may be the vulnerability of user data in today's world - remember, this is the company that has been piloting a program in which it videotapes sellers faces as a security measure.

Update 3/2/19: An Amazon spokesperson provided the following statement: "Due to human error, we sent a small number of sellers the wrong refund information. We have notified impacted sellers. No customer information was shared."



Comments (3) | Permalink

Readers Comments

Perminate Link for Amazon Exposes Email Addresses of Some SFP Sellers   Amazon Exposes Email Addresses of Some SFP Sellers

This user has validated their user name. by: toolguy

Sun Mar 3 11:24:59 2019

Where's everyone up in arms?

If this had been eBay people would be screaming in the streets. . . . .

Perminate Link for Amazon Exposes Email Addresses of Some SFP Sellers   Amazon Exposes Email Addresses of Some SFP Sellers

This user has validated their user name. by: RKTOYS

Sun Mar 3 12:47:42 2019

I don't sell on Amazon after they tried to rob me so I don't run into many such stories.  However, yes, this is bad and I'd put money on it being another offshore/H1B duhveloper.  Because Richie Rich "can't find" Americans to fill those jobs.

Perminate Link for Amazon Exposes Email Addresses of Some SFP Sellers   Amazon Exposes Email Addresses of Some SFP Sellers

by: OnlyPollyPocket This user has validated their user name.

Wed Mar 6 11:52:17 2019

Amazon notified me of a refund I had to process so maybe not the same thing but there were no other seller email addresses in the email.



Login is required to post comments.
To sign in to leave a comment using your AB Verify User Name, fill in the form below. If you have not yet signed up for AB Verify, or if you'd like more information, go to the Registration Page
.

Login for AB Verify
Be sure and use your email address and password to log in.

 
Email:
Password:
 
 Forgot Your Password?
 Even though you are signed in with the AuctionBytes Blog, you will have to sign in to the EcommerceBytes blog. But you can sign in with your existing AB Verify info.