Scammers Accidentally Expose Amazon Fake Review Data, Implicating Over 200,000 People
KEY POINTS
Customers receive their money back and also get to keep items for free
Not all fake reviewers were aware that they were doing something illegal
An unsecured database has just exposed a large-scale Amazon fake product review scam that implicates independent Amazon vendors and users in unethical and illegal behavior. The breach came from a database holding the scammers' own information.
In a blog post on May 6, Safety Detectives revealed an unsecured ElasticSearch database that exposed 13 million records of organized fake review scams.
The server contained 7GB of data, including direct conversations between independent Amazon vendors and customers involved in the massive product review scam. In total, the 13,124,962 records involved almost 200,000 to 250,000 Amazon account profiles, Gmail addresses, usernames, PayPal account details, and some real names.
The data breach exposed more than 13 million records and 7GB of data. The database was secured about a week after the cybersecurity team found it, but it remains unclear who controls it. The server’s owner appears to be based in China.
Data found on the ElasticSearch server showed how this scam works:
Shady Amazon vendors send these fake reviewers the names of products they want 5-star reviews for. The reviewers buy the products and post their “reviews” soon afterward.
Then the reviewer sends the vendor their PayPal information and Amazon profile. The reviewer secretly gets a refund from the vendor, so they keep the product for free.
Bykea admits vulnerability in its database but denies any breach
The company has now engaged cybersecurity firms for data protection
SAMAA | Bilal Hussain - Posted: Feb 2, 2021 | Last Updated: 2 months ago
Bykea, the two-wheel ride-hailing service provider, has confirmed that Safety Detectives helped it resolve a vulnerability in its database. However, the white hats, or ethical hackers, were not given either the bounty or recognition they deserved, it said.
“It was not a data breach,” said Rafay Baloch, a cybersecurity researcher. “They [safety detectives] found a loophole [vulnerability] in Bykea’s servers leading to data exposure.”