A new wave of cybercrime was reported on the biggest online marketplace, Amazon. Hackers have started using third-party sellers to scam buyers and other merchants to steal thousands of dollars by offering nonexistent goods and by changing the bank account details.
In the last several weeks, more and more cases of hacking attacks have been reported. Hackers have started using dormant accounts to scam others with nonexistent items, change bargain prices and more, then they’d simply collect the cash and disappear without a trace, as reported by the Wall Street Journal.
Even though the buyers are getting a refund, the sellers are the ones who are in trouble. They’re the ones getting blamed for taking the money and not delivering the goods.
Related: Hacker Steals Amazon Marketplace Credentials from 3rd Party Server
One of the account holders, Margina Dennis, who works in New York as a professional makeup artist, has received over a hundred emails from customers who want to know why their Nintendo Switch hasn’t arrived. Upon investigation, it was discovered that her account was one of the hacked ones and the hackers used it to scam customers. She’s in tens of thousands of dollars in debt because of this incident. She can’t even access her account since the hackers changed the password.
She, and many others like her, are deeply disappointed with Amazon and don’t want to have anything to do with the company anymore. On the other end, the company is working hard on finding the solution to ensure that the sellers don’t have to deal with the financial burden caused by the security breach.
Erik Fairleigh, Amazon’s spokesperson has stated that the company is constantly working on improving the security so that their customers can buy and sell knowing that they’re safe and won’t get cheated out of their money. He’s also stated that there were always people that would try to steal what others achieved through hard work, and now they are getting smarter, but on the other hand, so is the security of companies like Amazon.
Amazon advises its customers to turn on the two-step authentication, regularly check in on their account and change the password on regular basis.
Related: A Minor Typo Brought the Entire Internet Network of Amazon Down
It’s suspected that the hacks are a result of previous attacks during which the credentials might have been obtained and then sold to the current attackers on the dark web. This is a common practice among the hackers when a stolen info is often being sold to the highest bidder. The stolen information is then being tried out in many different places, and sometimes, if it’s the same, they get access to another one of your accounts. For better understanding; the LinkedIn security breach is the best example how hackers, especially from the OurMine hacking group, bought stolen LinkedIn accounts from Dark Web and hacked celebrities like Twitter’s CEO Jack Dorsey Google’s CEO Sundar Pichai and Facebook’s Zuckerberg.
In Amazon’s case, it was discovered that some of these hacks are a result of two-decades-old attacks, and Amazon is being criticized for letting dormant accounts stay operational for such long periods of time.
There are around two million sellers on the Amazon market, and about one hundred thousand of those are getting involved with over a million dollars’ worth of goods. This is the reason why they’ve become such an interesting project for hackers. It’s unknown who’ll end up being responsible for the incident, but it’s clear that Amazon needs to improve its security.