100 Amazon Seller Accounts Got Phished, Breached, and Robbed

Photo: Getty

Last year, around 100 Amazon seller accounts were reportedly breached by cyber criminals, who funneled money they stole from from Amazon loans and customer sales into their own accounts.

The series of account takeovers are said to have taken place between May and October 2018, according to Bloomberg, citing redacted court records filed by Amazon’s U.K. attorneys.


Amazon said it could not comment on the ongoing court case, but its investigation into the matter is reportedly finished.

The accounts were not hacked; instead, sellers were tricked into surrendering their credentials in what’s commonly known as a phishing attack.

An Amazon spokesperson said that sellers occasionally receive phishing emails that appear to come from Amazon. The emails are aimed at fooling the sellers into entering their usernames and passwords into a fake website.

The company advises sellers not to attempt to login anywhere but Amazon’s website and only in a browser window they’ve opened themselves. More generally, opening links and documents received by email is a bad security practice.


The investigation, according to Bloomberg, determined that the criminals likely set up accounts at Barclays Plc and Prepay Technologies Ltd. to receive the stolen payments, a percentage of which Amazon itself paid out in loans to merchants.

In a statement, Barclays said it tries to shut down criminals’ accounts as quickly as possible.


Amazon encourages sellers who believe they’ve been targeted by phishing emails to contact the company at: stop-spoofing@amazon.com



Share This Story

Get our newsletter

About the author

Dell Cameron

Privacy, security, tech policy | Got a tip? Email: dell@gizmodo.com | Send me encrypted texts using Signal: (202)556-0846

PGP Fingerprint: A70D 517E FB9A 02C9 C56E 86D5 877E 64E7 10DF A8AEPGP Key
OTR Fingerprint: 2374A8EA 6D2B7712 0D82D659 C0FE8253 A3F080FD