The database contained 7GB worth of data including fake Amazon product reviews and PayPal email addresses of scammers among other sensitive data.
Whoever uses Amazon makes up their mind about a particular product after checking out its reviews. But what if the reviews are fake and misleading?
The IT security researchers at SafetyDetectives discovered a China-based ElasticSearch server publicly available online without any security authentication. The researchers claim that this misconfigured database helped them unearth a well-organized scheme of Amazon vendors to produce fake reviews for their products on the website.
Database Contained Treasure Trove of Clues
Researchers observed that the server contained direct messages between Amazon vendors and customers regarding the provision of fake Amazon product reviews in exchange for free products. There were around 13, 124, 962 of these records, which amounted to 7 GB of data exposed in the breach.
SEE: New Amazon phishing scam stealing credit card data
This implies that over 200,000 people were involved in this unethical practice. The database included email addresses, surnames, reviewers’ Amazon account profiles, vendor phone and contact details on WhatsApp and Telegram, and PayPal account details.
Fake Amazon product reviews Scam- A Prevailing Issue
SafetyDetectives revealed that this scam begins when vendors send their reviewers a list of products and ask them to provide a 5-star review, a standard procedure in such scams. Their contacts purchase the products and leave a 5-star review on Amazon a few days later.
Once this is done, the contact sends the vendor a message containing a link to their Amazon profile and their Pay ..
Support the originator by clicking the read the rest link below.
