Server Leaked Data of Over 200,000+ Amazon Users Involved in Fake Product Reviews

Server Leaked Data of Over 200,000+ Amazon Users Involved in Fake Product Reviews

An open ElasticSearch server with a database containing email addresses, PayPal details, and more information of over 200,000 individuals has been found online. The database supposedly contains the personal information of users who have likely been involved in Amazon fake product review schemes. 

The e-commerce giant is involved in a constant battle against dubious sellers who in an attempt to get ahead of the competition by generating fake reviews for their products. Often this involves using Amazon users willing to provide a positive review for a small compensation. The exposed database contained personal details of such individuals.

Safety Detectives researchers announced they found an unprotected server that contained 7GB of data and over 13 million records. Having analyzed the data, researchers concluded that the records were linked to a widespread fake review scam. 

Researchers do not know who owns the server for sure, but they think the bad actors may be from China judging by the messages in Chinese leaked by the server. 

Researchers say the database contained records of roughly 200,000 – 250,000 users and Amazon marketplace vendors and included user names, email addresses, PayPal addresses, links to Amazon profiles, WhatsApp and Telegram numbers, and direct messages between customers discussing providing fake reviews and compensation for them. 

Bad actors used a few methods for getting fake reviews. In one method, vendors sent a link to the item or product they wanted a 5-star review for, and the Amazon user would then purchase the item. Once a positive review has been posted, the client would pay via PayPal – Amazon would see it as a ‘refund,’ and the reviewer would keep the item for free. As refund payments are processed off Amazon, it is very difficult to detect such fake reviews. 

Researchers discovered the open ElasticSearch server on March 1, but the leak was noticed and the server was secured on March 6.

“The server could be owned by a third-party that reaches out to potential reviewers on behalf of the vendors [or] the server could also be owned by a large company with several subsidiaries, which would explain the presence of multiple vendors,” the researchers said. “What’s clear is that whoever owns the server could be subject to punishments from consumer protection laws, and whoever is paying for these fake reviews may face sanctions for breaking Amazon’s terms of service.”

Amazon’s community and review guidelines do not allow sellers to offer a “financial reward, discount, free products, or other compensation” for positive reviews. 


About the author

CIM Team

CIM Team

CyberIntelMag is the trusted authority in cybersecurity, comprised of leading industry experts for over 20 years, dedicated to serving cybersecurity professionals. Our goal is to provide a one-stop shop for knowledge and insight needed to navigate throughout today’s emerging cybersecurity landscape through in-depth coverage of breaking news, tutorials, product reviews, videos and industry influencers.