Data breach exposes widespread fake reviews on Amazon

IT security researchers found an unsecured database that shows how the scam is organized

Cyber security researchers have discovered an unsecured database exposing a widespread scam in which Amazon customers write fake reviews in exchange for free products from Amazon vendors.

IT security experts with the Safety Detectives, an antivirus review website, found an unclaimed Elasticsearch server with no encryption or password protection.

“The server contained a treasure trove of direct messages between Amazon vendors and customers… potentially implicating more than 200,000 people in unethical activities,” the researchers wrote. “While it is unclear who owns the database, the breach demonstrates the inner workings of a prevalent issue affecting the online retail industry.”

The data breach exposed more than 13 million records and 7GB of data. The database was secured about a week after the cyber security team found it, but it remains unclear who controls it. The server’s owner appears to be based in China.

Data found on the Elasticsearch server showed how this scam works:

Shady Amazon vendors send these fake reviewers the names of products they want 5-star reviews for. The reviewers buy the products and post their “reviews” soon afterward. 

Then the reviewer sends the vendor their PayPal information and Amazon profile. The reviewer secretly gets a refund from the vendor, so they keep the product for free. 

“The refund for any purchased goods is actioned through PayPal and not directly through Amazon’s platform,” the Safety Detectives said. “This makes the five-star review look legitimate, so as not to arouse suspicion from Amazon moderators.”

So, not only does this Elasticsearch database facilitate a widespread scam, but its owners’ carelessness exposed users’ personal data.

“It’s reasonable to estimate that around 200,000-250,000 people were affected by this breach,” the cybersecurity researchers said. “The server appeared to be located in China, and it is thought the leak affected citizens from Europe and the USA at a minimum.”

Messages on the server included the fake reviewers’ Amazon and PayPal account details, and email addresses. Vendors’ email addresses were exposed, as well as their WhatsApp and Telegram contact info.

“Although a lot of people providing fake reviews likely know what they’re doing, we must also highlight how vendors don’t advertise that fake reviews are illegal,” the cybersecurity researchers said. “Unassuming people may have been targeted by Amazon vendors with the offer of free products in return for a review.” 

“What’s clear is that whoever owns the server could be subject to punishments from consumer protection laws, and whoever is paying for these fake reviews may face sanctions for breaking Amazon’s terms of service.”
