Between May 2018 and October 2018, Amazon believes these hackers secretly began siphoning money out of the affected seller accounts. This appears to have been a well-organized attack to have been able to target so many accounts.
As is common now, it looks like the hackers got in through a phishing campaign. The legitimate sellers would have been presented with a fake log-in page which would in turn steal their credentials.
Once the hackers had this information, they were able to change payment information on the seller accounts to point to their own accounts. This allowed the hackers to steal money loaned to the sellers or a portion of the sellers' income. Financial records show the money was sent to accounts the hackers had at Barclays and Prepay Technologies.
The legal aspects of this case are playing out in the UK where the stolen money appears to have been wired to. Amazon became aware of the issue last November but the court documents have just now been made public.
Amazon said they have finished their investigation of the incident and have located the hackers responsible. Amazon's lawyers have also asked a judge in London to allow a search of account statements at Barclays and Prepay.
Bloomberg reached out to both companies for comment on the issue. Barclays declined to comment on the case itself but said they work quickly to close accounts suspected of involvement in such schemes. Prepay did not respond.
Update: A previous version of this article stated that Amazon had not been able to locate the hackers. That was true of the original court filing from last November, but they have since found the hackers.