April 11, 2017
Hackers are reportedly targeting third-party sellers on Amazon by using stolen email and password credentials (available for purchase from previous hacks via the “Dark Web”) in a scam to post fake product deals online and pocket cash. Thieves have changed the bank info of active sellers on Amazon to steal amounts up to tens of thousands from each and have hacked less active sellers to post merchandise that does not exist, offering products at steep discounts. While PayPal and eBay have been targeted by hackers in the past, cybersecurity experts indicate that Amazon is becoming a new target.
“Hacking Amazon is becoming… increasingly a big deal,” said Marketplace Pulse chief exec Juozas Kaziukenas. “The value to be gained is bigger as Amazon grows.”
“While the precise scope and financial impact of the Amazon attacks is unclear, some sellers say the hacks have shaken their confidence in Amazon’s security measures,” reports The Wall Street Journal. “Such third-party merchants are critical for Amazon’s retail business, with more than two million sellers on the site accounting for more than half of its sales, including more than 100,000 sellers who each now sell in excess of $100,000 annually.”
Since Amazon provides refunds for merchandise that does not arrive, the fraud is not expected to have a major impact on consumers. Amazon does not pay sellers “until it is confident customers have received their orders,” notes WSJ. “Sellers who lost money will be made whole.”
Cybersecurity experts indicate that thieves can purchase account details from previous hacks. More than 2.6 billion passwords and email addresses have been obtained from major names such as Adobe, LinkedIn and MySpace.
As the world faces increased hacking, fraud protection is encouraged. Alex Holden, chief information security officer of Hold Security LLC, suggests unique passwords and two-step verification. “Holden also advises sellers set Amazon notifications for email alerts anytime anything is changed on the account,” adds WSJ.