
Sellers Lose Thousands As Amazon Marketplace Is Hit By Hackers

Discussion in 'BlackHat Lounge' started by Asif WILSON Khan, Apr 17, 2017.

  1. Asif WILSON Khan

    Asif WILSON Khan Executive VIP Jr. VIP

    Hackers are targeting merchants who sell goods on Amazon’s marketplace.

    According to reports in the Wall Street Journal, the last several weeks have seen cybercriminals change bank deposit information on Amazon accounts of active sellers in order to steal tens of thousands of dollars from each, according to several sellers and advisers. Amazon sellers have also been reporting their accounts have been hacked by criminals to post nonexistent merchandise on. These are sellers who have not been actively using their accounts of late — and whose portals are being used to sell fake goods at a deep discount so that the crooks in question can pocket the cash.

    The fraud seems to be the net result of other hacks — password credentials lifted and resold on the dark web and sold to criminals who then use them (because consumers often recycle passwords with little to no variation) to hijack other accounts that consumers may have. PayPal and eBay have both faced similar hacks of late — though these days Amazon is a favored target, particularly as its “third party marketplace” grows.

    “Hacking Amazon is becoming…increasingly a big deal,” said Juozas Kaziukėnas, chief executive of Marketplace Pulse, a business intelligence firm focused on eCommerce. “The value to be gained is bigger as Amazon grows.”

    How widespread the Amazon attacks are is emerging, though the wave of expensive hits lately has made sellers worry about how good Amazon’s security measures actually are.

    Amazon currently has two million sellers and third party merchants in its marketplace — which collectively bring in more than half of its sales. There are reportedly over 100,000 sellers who make over $100,000 per year.

    According to a company spokesperson, “[Amazon] is constantly innovating on behalf of customers and sellers to ensure their information is secure and that they can buy and sell with confidence.”

    Amazon’s spokesman also noted that the firm withholds payment to sellers until it is confident customers have received their orders, and guarantees a full refund if a product doesn’t arrive or isn’t as advertised. Sellers who lost money will be made whole.

    “There have always been bad actors in the world who try to take advantage of consumers for financial gain; however, as fraudsters get smarter, so do we,” the spokesman added.

    The lawyer for the Amazon sellers, CJ Rosenbaum, notes that over a dozen merchants have sought his aid since being hacked. Most complain of losing about half of their monthly sales and are looking for Amazon to refund their money.

    Lightning X Products Inc. is one of the firms hit in the hack — it saw $60,000 evaporate from its Amazon account last month, said Andy Spivey, product manager of the Charlotte, N.C.-based bag maker.

    Mr. Spivey did say Amazon tried to warn him of suspicious activity — but by the time he responded to the warning and logged on, it was already too late and his bank account info had been changed.

    “We’re not sure how they gained access to the account,” Mr. Spivey said. Amazon told him Friday the money will be returned, he said.

    Spivey is a bit unusual in that he is an active seller on Amazon — the more popular hack certainly is on dormant Amazon accounts. The standard method there is to create thousands of new listings for highly favored (and highly priced) goods like electronics. Those goods are then marked down and marked for four week shipping. The goal is to collect the ill-gotten cash before Amazon catches on.

    Over 2.6 billion email addresses and passwords have been stolen in total from companies including Adobe Systems Inc., Myspace, and LinkedIn Corp., according to warning website Haveibeenpwned.com — which means hackers have plenty of places and options for stolen passwords and personal data on the web. Those credentials usually sell for between $1 – $3 a pop.

    The easy defeat for this fraud is to treat passwords like keys — use unique ones for every “door” into one’s digital life and set up two-factor authentication, so as to make it harder to gain access even if a hacker does have a password.

    Experts also suggest consumers beware if a popular item — such as the Nintendo Switch — seems priced in a way that’s too good to be true — suspiciously low prices are often a sign of hacking.


    SOURCE: http://www.pymnts.com/amazon/2017/sellers-lose-thousands-as-amazon-marketplace-is-hit-by-hackers/
     
  2. jeffro89

    jeffro89 Junior Member

    Damn..
     
  3. soccerlover

    soccerlover Jr. VIP Jr. VIP

    I hope they won't catch Amazon Affiliates like us :p Asif bhai :D
     
  4. toml3030

    toml3030 Elite Member

    This is going to get a lot of Amazon/eBay dropshippers banned when they try to drop ship fake listings.
     
  5. Paranoid Android

    Paranoid Android Jr. VIP Jr. VIP

    you wear that anonymous hoodie and mask without authorization and you'll find out who's gonna get hacked next
     
  6. Aluminium

    Aluminium Jr. VIP Jr. VIP Premium Member

    Yikes... wasn't Amazon reported as being larger than Wal-Mart now?
     
  7. DonGiovanni

    DonGiovanni Newbie

    Time for everyone to switch from passwords to passphrases if you haven't already.
    Make lengthy passwords that aren't just words in the dictionary.
    Ex. Mypasswordnx6dr3istough
     
  8. bonerlicious

    bonerlicious BANNED BANNED

    This is happening on Upwork too. Some poor schmuck got $12k stolen from his account after some guy logged into his account, changed his withdraw info and withdrew it to the hacker's Payoneer account. Felt bad for the guy.