Amazon Data Breach: Third Party Sellers Hacked

Amazon’s third party sellers have had their accounts severely compromised as hackers take advantage of leaked user names and passwords from previous breaches.

While the origin of these most recent data breaches has not yet been pinpointed, over 80,000 Amazon Kindle login credentials were leaked in October 2016. Sellers within the Amazon community are speculating that these leaks may be behind the most recent hacks.

After discovering a list of email addresses and passwords had been posted online, Amazon reached out to selected registered customers via email urging them to change their passwords. Information leaks appear to be nothing new to the retail giant, although there has been a substantial increase in the number of reported incidences in recent weeks.

The latest security breach has seen hackers utilising usernames and passwords exposed in previous breaches, to infiltrate seller accounts within the Amazon interface. They are then altering the bank deposit information on the compromised accounts and siphoning off tens of thousands of dollars from unsuspecting Amazon users.

There are more than two million seller accounts on, accounting for more than half of its sales, and over 100,000 of those sellers earn more than $100,000 a year. It’s little wonder that Amazon’s expanding database of third party sellers have been the target of opportunistic hackers.

The data breach has allowed hackers to access reputable seller accounts and piggyback off their high profile ratings scamming unsuspecting customers into buying non-existent stock. Scammers are in and out of the sellers account before anyone is the wiser. They are then disappearing with the profits from their fake listings, and leaving the seller to handle the fall out.

In this latest bout of attacks, in addition to the funds that have been stolen from seller accounts fake items have also been listed for sale. Amazon’s current registration process allows sellers to post products for sale without proof of inventory required. Seller’s are often not even aware that they have been hacked until the complaints for undelivered stock begin rolling in from disgruntled consumers.

Amazon has been attempting to put a stop to this latest hacking trend, however, as the hackers are using stolen credentials, it can be difficult to identify which accounts have been hacked.

“Amazon is constantly innovating on behalf of customers and sellers to ensure their information is secure and that they can buy and sell with confidence on” said an Amazon spokesperson in a statement released by the company.

In a proactive measure, Amazon has also contacted many of the sellers who have potentially been affected by the data breaches urging them to update their passwords.

“As part of our routine monitoring, we discovered a list of email addresses and passwords posted online. While the list was not Amazon-related, we know that many customers reuse their passwords on multiple websites. Since we believe your email addresses and passwords were on the list, we have assigned a temporary password to your account out of an abundance of caution,” the email states.

Sellers are also urged by Amazon to activate a two-step authentication process and regularly check in on their account in order to safeguard against the very real threat of having their accounts hacked.

Never miss our best stories. Sign up to Power Retail’s  free weekly newsletter and find our daily stories on Facebook, Twitter and Instagram


0 Comment

Leave a Reply

Your email address will not be published. Required fields are marked *