Amazon Sellers Hit By Extensive Fraud Campaign
Amazon.com Inc. said it was infected by an “extensive” fraud that revealed unidentified hackers were able to remove money from merchant accounts last year.
Amazon believes that it has been the victim of a “serious” online attack by hackers who have broken into about 100 sales accounts and funnelled cash from loans or sales to their own bank accounts, according to a UK legal document. The hack took place between May 2018 and October 2018, Amazon’s lawyers reported in a revised November filing, which will be published soon.
Amazon stated that it was still investigating the vulnerable accounts and believed that hackers managed to obtain the account information on the Seller Central platform at Barclays Plc and Prepay Technologies Ltd., which is partially owned by Mastercard Inc. Amazon found that the accounts were likely to be compromised by phishing techniques that tricked sellers into giving up confidential login information.
An Amazon spokesman said the company had completed the investigation into the incident.
The case shows how the world’s largest online e-commerce platform – which should be automated with minimal human effort – can be abused and how difficult it is for Amazon to find the culprits.
Amazon lawyers have asked a London judge to authorize the search of bank statements at Barclays and Prepay as they accidentally got caught up in the wrongdoing”
A spokesman for Barclays declined to comment specifically on the case, but said the bank tried to quickly close the accounts used by criminals to protect customers. Prepayers have not responded to the comment.
Amazon needed the documents “to investigate the fraud, identify and pursue the wrongdoers, locate the whereabouts of misappropriated funds, bring the fraud to an end and deter future wrongdoing,” the company’s lawyers said in the court filing.
The filing doesn’t say how the suspected wrongdoers were able to add details of additional banks to the merchant accounts.
The Amazon units named in the filing include Amazon Capital Services UK Ltd., which makes loans available to sellers for as long as one year. The first fraudulent transfer occurred on May 16, according to the filing.
Amazon said Tuesday that it issued more than $1 billion in loans to merchants in 2018. It’s unclear how much the hackers stole.