From Safety Detectives:
The SafetyDetectives cybersecurity team uncovered an open ElasticSearch database exposing an organized fake reviews scam affecting Amazon.
The server contained a treasure trove of direct messages between Amazon vendors and customers willing to provide fake reviews in exchange for free products. In total, 13,124,962 of these records (or 7 GB of data) have been exposed in the breach, potentially implicating more than 200,000 people in unethical activities.
While it is unclear who owns the database, the breach demonstrates the inner workings of a prevalent issue affecting the online retail industry.
How the Process Works
The information found on the open ElasticSearch server outlines a common procedure by which Amazon vendors procure ‘fake reviews’ for their products.
These Amazon vendors send to reviewers a list of items/products for which they would like a 5-star review. The people providing the ‘fake reviews’ will then buy the products, leaving a 5-star review on Amazon a few days after receiving their merchandise.
Upon completion, the provider of the fake review will send a message to the vendor containing a link to their Amazon profile, along with their PayPal details.
Once the Amazon vendor confirms all reviews have been completed, the reviewer will receive a refund through PayPal, keeping the items they bought for free as a form of payment.
The refund for any purchased goods is actioned through PayPal and not directly through Amazon’s platform. This makes the five-star review look legitimate, so as not to arouse suspicion from Amazon moderators.
. . . .
2. Data related to the reviewers
Messages on the ElasticSearch server also contained other forms of directly and indirectly identifiable personal data exposing the reviewers themselves, such as:
- 75K links to Amazon accounts/profiles of review sellers
- PayPal account details (email addresses)
- Email addresses
- ‘Fan names’ – supposedly usernames, often containing names & surnames
Leaked PayPal account details and ‘fan names’ outline email addresses and what seems to be the usernames of people providing fake reviews. These details could be used to indirectly identify individuals, while many of them contained full names and surnames.
The Gmail addresses of reviewers were also provided to vendors directly via message. In total, 232,664 Gmail addresses have been exposed on the server, though some of the email addresses were duplicates.
. . . .
The ‘Gmail’ figure covers only those individuals who use Google as their mail provider. When we factor in the presence of other types of email accounts, such as Outlook, the enormity of this breach becomes apparent. 75,000 Amazon accounts were leaked as well, although there are potentially several duplicates included in this figure. Along with Amazon vendors compromised through their contact details, it’s reasonable to estimate that around 200,000-250,000 people were affected by this breach.
The server appeared to be located in China, and it is thought the leak affected citizens from Europe and the USA (at a minimum). In reality, the leak could have affected individuals from all corners of the world.
Link to the rest at Safety Detectives and thanks to O. for the tip.