A new series of hacking attacks was reported, and this time, the victims that the hackers are targeting are independent sellers that are posting their products on Amazon. The attacks consist of hackers using stolen passwords from previous data breaches, logging into other people’s accounts, altering payments, posting fake details and alike.
They’ve already managed to steal “tens of thousands of dollars”, according to the Wall Street Journal, and this was done by changing the bank deposit information. The victims are also being lured with fake, non-existent items that are posted at big discounts.
It’s still unclear how many of the accounts are hijacked in this cyber-attack, but it’s known that something is going on since the malicious activity on some of the accounts has obviously spiked up in the other half of March. The hacked sellers’ lawyer, CJ Rosenbaum has stated that his clients have lost between $15,000 and $100,000.
The Amazon’s website warns the buyers and all of the users in general that the funds shouldn’t be sent directly, and the website itself withholds payments until the customers declare that they’re happy and satisfied with the purchase.
In the schemes that the hackers are pulling, they mostly claim they’re selling items that their potential customers desperately want, and at half the price as well. One of the products is the recently released Nintendo Switch, and the hackers that were offering it claimed that the shipping might take up to four weeks so that they could collect the payment before Amazon realizes what’s going on.
The Amazon spokesperson has stated that there are always those who would try to steal and take advantage of others and that the company is constantly innovating and refreshing their approach to security.
It’s being suspected that the credentials that the hackers used to break into these accounts were a part from earlier data leaks, from the hacks of some of the bigger companies. Several of these incidents were reported, especially when big companies like Yahoo and Dropbox were hacked.
After the data theft of these proportions, the information is traded on the dark web’s underground marketplaces. These places are specialized in selling data, drugs and similar illegal goods. After the attack like this, it’s highly recommendable for users to change their passwords, otherwise, they remain at risk of being attacked.
A hacker had claimed to have stolen more than 80,000 Amazon users credentials last July, but the company had denied that the breach occurred. In the year before that, around November 2015, Amazon issued a security warning to several users, and also a widespread password reset. Amazon itself has yet to comment on the latest development.