Amazon is investigating several incidents in which employees in the US and China allegedly stole internal data to sell on to third parties.
People who are familiar with the investigation told the Wall Street Journal (WSJ) that internal sales data, reviewers' emails addresses and offering to delete negative reviews are among those offered by 'brokers' for between $80 and $2,000.
Sellers would be enticed by such offers to gain an advantage over rivals, and game the automated ranking system. Contact information for reviews, for example, would allow sellers to approach users to ask them to change negative reviews.
"We have strict policies and a Code of Business Conduct & Ethics in place for our employees," an Amazon spokesperson told IT Pro.
"We implement sophisticated systems to restrict and audit access to information. We hold our employees to a high ethical standard and anyone in violation of our Code faces discipline, including termination and potential legal and criminal penalties.
"In addition, we have zero tolerance for abuse of our systems and if we find bad actors who have engaged in this behavior, we will take swift action against them, including terminating their selling accounts, deleting reviews, withholding funds, and taking legal action.
"We are conducting a thorough investigation of these claims."
Eric Broussard, Amazon's vice president for international marketplaces opened an internal probe in May, the WSJ report continued, after being tipped off about such activity in China.
The company has also shaken up the top roles in China in an effort to clamp down on any illicit activity that may have been overseen from a senior level.
Product rankings on Amazon are determined by a combination of factors - with reviews being one of the most crucial. WSJ says the rate for deleting one review amounts to $300 in China - with brokers usually demanding a five-review minimum. Sales data, meanwhile, would cost closer to $80.
Amazon recently reached the $1 billion dollar valuation milestone, becoming the second company to achieve this following Apple in August. But the firm has sustained criticism, in the US especially, for paying its employees relatively low wages, and for "prison-like" working conditions in its warehouses.
-
RSAC Conference 2025: The front line of cyber innovationITPro Podcast Ransomware, quantum computing, and an unsurprising focus on AI were highlights of this year's event
-
Anthropic CEO Dario Amodei thinks we're burying our heads in the sand on AI job lossesNews With AI set to hit entry-level jobs especially, some industry execs say clear warning signs are being ignored
-
PyPI attack: Targeting of repository 'shows no sign of stopping'News Greater collaboration and understanding of attackers’ tactics is key to mitigating open source security threats
-
Capita's handling of cyber attack shows companies still fail at breach reportingAnalysis Capita initially told customers there was “no evidence” of data having been compromised in the March cyber attack
-
Malware being pushed to businesses by search engines remains a pervasive threatNews High-profile malvertising campaigns in recent months have surged
-
There's only one way to avoid credential stuffing attacksOpinion PayPal accounts were breached last year due to a credential stuffing attack, but can PayPal avoid taking responsibility?
-
Five things to consider before choosing an MFA solutionIn-depth Because we all should move on from using “password” as a password
-
Cyber security suffers from a communication problemNews Negative language around ‘human failures’ is eroding trust between security teams and broader business functions - it has to stop
-
Does LastPass really deserve a last chance?Opinion After several disastrous security incidents and a communications breakdown, it’s time to leave LastPass for pastures new
-
What is the spell-jacking vulnerability and how can your business avoid exposing data?
In-depth Spell-jacking vulnerabilities are threatening to unwittingly leak data to third parties, undermining any drive to protect privacy
