Data BreachNews

Scammer Accidentally Revealed Amazon Fake Reviews Scam – 13 Million Record

From names, emails to PayPal details, everything has been leaked of over 200,000 individuals who appear to be involved in Amazon fake product review scheme.

An opsec-illiterate scammer accidentally exposed 13 million records online at an open ElasticSearch database, that included data related to amazon’s fake reviews scam where vendors have been generating fake reviews for their products to boost their ranking by gifting users free products if they agree to post a fake review for them.

These scammers have to extend the fake appreciation and positive feedback of the product, just so that other people buy it as well. This could lead them to a great profit by such a little effort and also an attempt to put down their competitors. Sometimes they even pay the individuals for this.

They have been operating for quite some time now and working under Amazon’s radar until the ElasticSearch server exposes behind-the-scenes of their schemes.

On Thursday, Safety Detectives researchers disclosed the public and online server. It consisted of almost 7GB of data and over 13 million records. All of them linked to fake review scams. It has been leaked out on Thursday. The organization of the server is appeared to emerge in China but the main owner of the server is yet unknown. The messages which are leaked with the data are written in Chinese. So it is most likely to be originated from China.

The database server has almost 200,000 – 250,000 users’ records and Amazon marketplace, vendors. The leaked data consisted of the followings;

  • User Names
  • Email Addresses
  • PayPal Addresses
  • WhatsApp Phone Numbers
  • Telegram Phone Numbers
  • Amazon Profiles
  • Direct Messages data
  • All the personal messages of the customers and traders regarding fake review scams.

According to the team, the leak may implicate¬† “more than 200,000 people in unethical activities.” The database server, and messages resulted in the disclosure of the dubious seller’s techniques and tricks.

The open ElasticSearch server was said to be discovered on March 1. The leak was noticed and the server was secured on March 6. However, it is been observed that the server belongs to some third party as The researchers said;

“The server could be owned by a third-party that reaches out to potential reviewers on behalf of the vendors [or] the server could also be owned by a large company with several subsidiaries, which would explain the presence of multiple vendors, What’s clear is that whoever owns the server could be subject to punishments from consumer protection laws, and whoever is paying for these fake reviews may face sanctions for breaking Amazon’s terms of service.”

According to Amazon’s policy, vendors cannot review their own products. They are also prohibited to hire someone to write good reviews for them in return for rewards, discounts, free products, and compensations. These activities are very less likely to be stopped and they will continue most probably.

While addressing the issue, Amazon’s spokesperson said;

“We want Amazon customers to shop with confidence knowing that the reviews they read are authentic and relevant, We have clear policies for both reviewers and selling partners that prohibit abuse of our community features, and we suspend, ban, and take legal action against those who violate these policies.”

Noor Eeman

Hey, Noor here. Just a passionate student sharing tech bits of life, currently studying to become a languages interpreter from NUML. Passionate about words, writings, and languages regarding trends, technology, and social media.

Leave a Reply

Your email address will not be published.

Back to top button