- Attackers gained access to seller accounts and siphoned off loan funds which were intended to be used for business and startup costs.
- Amazon noted that the accounts were likely compromised by phishing techniques that tricked sellers into providing their account details and login credentials.
What is the issue?
Amazon has revealed that it was hit with an extensive fraud campaign last year, whereby attackers compromised almost 100 seller accounts and stole the loan funds.
The big picture
The hack took place between May 2018 and October 2018, wherein attackers gained access to seller accounts and siphoned loan funds which were intended to be used for business and startup costs.
According to the filing, hackers managed to change the payment details of accounts on the Seller Central platform to their own bank accounts at Barclays Plc and Prepay Technologies Ltd., which is partly owned by Mastercard Inc.
A spokesperson for Barclays said that the bank is working to close the accounts used by the hackers. Meanwhile, Amazon noted that the accounts were likely compromised by phishing techniques that tricked sellers into providing their account details and login credentials.
How much money has been stolen?
The stolen loan funds which have been given by Amazon to its third-party sellers and businesses might be over hundreds of thousands of dollars. Amazon has disclosed that it has issued over $1 billion in loans to sellers in 2018. However, how much money has been stolen were not revealed in the filing.
Amazon needed the documents “to investigate the fraud, identify and pursue the wrongdoers, locate the whereabouts of misappropriated funds, bring the fraud to an end and deter future wrongdoing,” the company’s lawyers said in the court filing, Bloomberg reported.