It is not clear how much money was stolen in the incident. Hackers changed the account details for the affected sellers on Amazon’s Seller Center, and then siphoned away the funds to their own bank accounts. The breach took place between May and October 2018, but it was disclosed after Amazon filed a redacted document in a UK court, attempting to gather more information about the attack.
It has not been confirmed precisely how the hack was accomplished, except that it appears to have been a ‘spear phishing’ attack. This means that emails from a known or trusted source have been sent to induce the recipient into divulging credentials or other sensitive information. Amazon sellers are reported to have signed into their accounts after receiving a link or other prompt to log in from the phishing email. This enabled the hackers to steal their credentials.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now