100 Amazon Merchants Hacked In 'Serious' Six-Month Campaign: Report
The 'extensive' fraud occurred between May and October 2018, Bloomberg reported, with hackers breaking into the accounts of 100 Amazon sellers and funneling cash from loans or sales into their own bank accounts.
Amazon merchants were hit by a 'serious' online attack in 2018, with unidentified hackers siphoning funds from 100 seller accounts, according to a Bloomberg report.
The 'extensive' fraud occurred between May and October 2018, Bloomberg reported, with hackers breaking into the accounts of roughly 100 Amazon sellers and funneling cash from loans or sales into their own bank accounts. The Bloomberg report is based off a redacted U.K. legal filing from November that has now been made public.
The Seattle-based e-commerce giant said in the filing that it believes the hackers managed to change account details on the Seller Control platform to match their own accounts at Barclays and Prepay Technologies, which is partly owned by Mastercard. The filing doesn't indicate how the suspected hackers were able to add details of additional banks to the merchant accounts, according to Bloomberg.
[Related: Amazon’s Fulfillment Unit Flips The Off Switch On Oracle Database]
An Amazon spokesperson told CRN that the company is finished investigating the compromised accounts, but declined to comment on the findings. The company's lawyers asked a London judge to approve searches of account statements at Barclays and Prepay "to investigate the fraud, identify and pursue the wrongdoers, locate the whereabouts of misappropriated funds, bring the fraud to an end and deter future wrongdoing," according to a court filing.
Barclays and Prepay "have become innocently mixed up in the wrongdoing," according to the Amazon filing. The first fraudulent transaction occurred on May 16, 2018, the filing indicated, though Bloomberg said it's unclear how much the hackers actually stole.
Neither Barclays nor Prepay Technologies immediately responded to a request for comment from CRN. Amazon didn't comment specifically to Bloomberg on the merchant hack, but said fraudsters can target sellers with phishing emails to try to steal passwords and other data.
Barclays also declined to comment specifically on the case to Bloomberg, but said the bank tries to quickly close accounts used by criminals to help protect customers. Prepay, meanwhile, didn't immediately respond to request for comment from Bloomberg.
Bloomberg said that Amazon units named in the filing include Amazon Capital Services U.K., which makes loans available to sellers for up to one year. An Amazon report released this week indicates that the company provided more than $1 billion in loans to merchants in 2018.