Amazon says hackers were able to steal funds from seller accounts last year

William Gayde

TS Addict
Staff member

Between May 2018 and October 2018, Amazon believes these hackers secretly began siphoning money out of the affected seller accounts. This appears to have been a well-organized attack to have been able to target so many accounts.

As is common now, it looks like the hackers got in through a phishing campaign. The legitimate sellers would have been presented with a fake log-in page which would in turn steal their credentials.

Once the hackers had this information, they were able to change payment information on the seller accounts to point to their own accounts. This allowed the hackers to steal money loaned to the sellers or a portion of the sellers' income. Financial records show the money was sent to accounts the hackers had at Barclays and Prepay Technologies.

The legal aspects of this case are playing out in the UK where the stolen money appears to have been wired to. Amazon became aware of the issue last November but the court documents have just now been made public.

Amazon said they have finished their investigation of the incident and have located the hackers responsible. Amazon's lawyers have also asked a judge in London to allow a search of account statements at Barclays and Prepay.

Bloomberg reached out to both companies for comment on the issue. Barclays declined to comment on the case itself but said they work quickly to close accounts suspected of involvement in such schemes. Prepay did not respond.

Update: A previous version of this article stated that Amazon had not been able to locate the hackers. That was true of the original court filing from last November, but they have since found the hackers.

Permalink to story.

 
Last edited:

Squid Surprise

TS Evangelist
How were sellers presented with a fake Log-In page ?

More details please!
Phishing scam.... generally, you get an email from someone pretending to be Amazon (or any other company) saying that "there is an issue with your account, please click on the following link to confirm your account details". If you're foolish enough to click on the link, you are directed to a website that looks just like Amazon, but of course... it isn't... it'll be something like www.amazonsecurity.co.nf instead of amazon.com... you "login" and it says "thank you for confirming" and you think "all is well" and you move on with your life...

Of course, what just happened is that you just sent your login info straight to a hacker (or group of hackers) who will now be pillaging your account...

As virtually everyone SHOULD know by now - DO NOT CLICK ON MYSTERIOUS LINKS!!
 
  • Like
Reactions: TheBigT42

Bullwinkle M

TS Maniac
How were sellers presented with a fake Log-In page ?

More details please!
Phishing scam.... generally, you get an email from someone pretending to be Amazon (or any other company) saying that "there is an issue with your account, please click on the following link to confirm your account details". If you're foolish enough to click on the link, you are directed to a website that looks just like Amazon, but of course... it isn't... it'll be something like www.amazonsecurity.co.nf instead of amazon.com... you "login" and it says "thank you for confirming" and you think "all is well" and you move on with your life...

Of course, what just happened is that you just sent your login info straight to a hacker (or group of hackers) who will now be pillaging your account...

As virtually everyone SHOULD know by now - DO NOT CLICK ON MYSTERIOUS LINKS!!
I was thinking the same, but if true, wanted more details on how they got so many seller's email addresses

It looks like an inside job (and sellers would want to know that) but the details are lacking to confirm

I say this because Amazon.com has the worst operational security ever!

They hand out personal information like it's common public knowledge without any concern for their customers privacy

It can't be incompetence because they are making boatloads of money

It could be plausible deniability however!
 
Last edited: