Last Updated on 12/05/2021 by Khushi
image courtesy: news.softpedia.com
Researchers from cyber security found an database that is unsecured which shows how the scam is systemized.
Amazon logo on the front of one of their corporate offices located in Silicon Valley area. Researchers of cyber security have noticed an database which is unsecured unveil a far- flung scam in which Amazon consumers write faux reviews in exchange for free products from Amazon dealers.
Experts of IT security with the Safety Detectives, an antivirus review website, found ElasticSearch server which is unclaimed neither with encryption nor with password protection.
The server contained a repository of direct messages between the Amazon vendors and the customers. Decisively implicating more than 2,00,000 people in unscrupulous activities according to the researchers. While it is still vague who owns the database, the breach manifested the inner workings of a prevailing widespread issue affecting the e – retail industry.
Amazon releases new Fire tablets, which also included new kid-friendly type models .
The data breach unveiled more than 13 millions of records and 7GB of internet data. The database was made secure after about a week after the cyber security team found the breach , but it is still unclear about who’s controlling it. The owner of the server appears to be a person based in China.
Data that is found on the ElasticSearch server revealed how this scam works:
Hidden Amazon sellers send these faux reviewers the names of products for which they want 5-star reviews . The reviewers buy the commodities and post their reviews very soon.
Then the reviewer sends their vendor their online payments information such as PayPal information and Amazon profile. The reviewer discretely gets those money invested back from the vendor, so they keep the product received for free.
The refund to any purchased commodity is done through PayPal and not directly from the Amazon’s platform, said the detectives . This makes the review of five-star look very realistic , this helps the vendors to sell the commodities without the suspicion from Amazon moderators.
It can be reliable to estimate that around 200,000-250,000 persons or users were badly affected by this type of breach, according to researchers . The server that performed the attack seems to be located in China, and it is that the leakage of data affected citizens of the countries like Europe and the USA at a minimum.”
Messages that are on the server includes the fake reviewer’s Amazon and PayPal account’s credentials , and their email addresses. Many of the Vendor’s email addresses were out , as well as their WhatsApp and Telegram contact information was also out.
“It is that a lot of people who provides fake reviews likely know what they are doing, we must also highlight this how sellers don’t promote that fake reviews are illegal,” the researchers of cybersecurity said said. “at the meager folks that are been chosen by the Amazon sellers with the offer given that there’ll be of free products given for a review.”
It’s clear that who so ever owns the server are going to be subjected to punishment from customer protection laws, and who so ever is paying for these faux reviews may face penalities for breaking Amazon’s terms of service.”