Over 200,000 people affected by Amazon review scam data leak

Posted:
in General Discussion
A database used to operate an Amazon fake reviews scam has leaked in a data breach, with the data trove revealing personal data for at least 200,000 people.




The reviews on Amazon have been plagued by fake reviews for quite some time, with fictional high-scoring testimonials propping up the score of products to make them look good on the online retailer's pages. A data breach allegedly shows some of the workings behind one of the scams, as well as hinting at the scale of the problem.

The scam operates by Amazon vendors sending lists of products to reviewers that they wish to receive a five-star review for. The reviewers then buy the items and provide a five-star "review" for it on Amazon.

The reviewer then sends a message back to the vendor, containing a link to their Amazon profile and PayPal details. The reviewer then receives the refund, and gets to keep the product they "reviewed" as payment, as well as an extra cash reward in some cases.

Security researchers from SafetyDetectives uncovered an open ElasticSearch database linked to one such operation on March 1, 2021. More than 13 million records, the equivalent of 7 gigabytes of data, were hosted in the open, without any form of password protection or encryption.

The database included email addresses as well as WhatsApp and Telegram phone numbers for vendors taking part in the scam. Messages linked to reviewers had directly and indirectly identifiable personal data, including over 75,000 links to Amazon accounts and profiles, PayPal account email addresses, other email addresses, and "fan names" believed to be usernames, but could contain names and surnames.

Vendors were also provided email addresses of reviewers to contact, including 232,664 Gmail addresses, though that also includes duplicates. In total, including Amazon vendors compromised via contact details, it is estimated by the researchers that between 200,000 and 250,000 people were affected.

While the server was based in China, it seems the leak may have primarily affected Europe and the United States, though the details could easily apply to any country in the world. The owner of the server is unknown, but it is anticipated that if discovered, they could be subject to punishments from consumer protection laws.

Vendors paying for fake reviews may also face sanctions from Amazon itself for breaking its terms of service. Individuals reviewing products could face penalties, depending on their country of residence and whether law enforcement or regulators are interested in prosecution.

Fake reviews are a major problem for any digital storefront, and this includes Apple. In February, a wave of fake reviews prompted criticism of Apple for not doing enough to combat them, while in April, one app scam was found to be grossing over $1 million in revenue per month.


Stay on top of all Apple news right from your HomePod. Say, "Hey, Siri, play AppleInsider," and you'll get latest AppleInsider Podcast. Or ask your HomePod mini for "AppleInsider Daily" instead and you'll hear a fast update direct from our news team. And, if you're interested in Apple-centric home automation, say "Hey, Siri, play HomeKit Insider," and you'll be listening to our newest specialized podcast in moments.

Comments

  • Reply 1 of 18
    dysamoriadysamoria Posts: 3,396member
    I assume there will be no consequences. That’s why this crap keeps happening. There are even a lot of people who think this is perfectly fine, because “whatever it takes to win”...
    qwerty52
  • Reply 2 of 18
    XedXed Posts: 974member
    dysamoria said:
    I assume there will be no consequences. That’s why this crap keeps happening. There are even a lot of people who think this is perfectly fine, because “whatever it takes to win”…
    Any consequences will be inconsequential so long as users don't don't care. It's been difficult, but I've mostly been able to remove Amazon sales from my life over the last couple years except for the most esoteric items.
    watto_cobra
  • Reply 3 of 18
    GeorgeBMacGeorgeBMac Posts: 9,847member
    Xed said:
    dysamoria said:
    I assume there will be no consequences. That’s why this crap keeps happening. There are even a lot of people who think this is perfectly fine, because “whatever it takes to win”…
    Any consequences will be inconsequential so long as users don't don't care. It's been difficult, but I've mostly been able to remove Amazon sales from my life over the last couple years except for the most esoteric items.

    I've gone the opposite direction.   Trying to stay safe during this pandemic I've been avoiding brick & mortar stores and, for the first time, opened a prime account.   I've used it for a number of things -- but bulk food (coffee, steel cut oats, etc.) have been the most repetitive.

    But, EBay remains my go to.   I just got a part for my lawnmower that would have been difficult or impossible to get anywhere else.
    And, right now I'm shopping for some upgrades to home theater system.
  • Reply 4 of 18
    I discovered Fakespot (iOS app and javascript bookmark for desktop) some time ago.

    It analyzes the quality of Amazon reviews.

    I've been pleased with my purchase experience since I began using it.

    Easy to use, but as with all things, your mileage may vary.
    viclauyycjony0watto_cobra
  • Reply 5 of 18
    65026502 Posts: 372member
    I've gotten free products that I've left positive reviews for. They sent me the products before I left the review, so I could have said anything (but probably would not have been invited back if I left a bad review). The products were good and I left honest reviews.
    watto_cobra
  • Reply 6 of 18
    fred1fred1 Posts: 807member
    Xed said:
    dysamoria said:
    I assume there will be no consequences. That’s why this crap keeps happening. There are even a lot of people who think this is perfectly fine, because “whatever it takes to win”…
    Any consequences will be inconsequential so long as users don't don't care. It's been difficult, but I've mostly been able to remove Amazon sales from my life over the last couple years except for the most esoteric items.
    I have too. With their labor policies and also how they handle reviews (you can’t leave a review if you haven’t spent enough money at Amazon in the last year) I’d rather shop somewhere else. But it’s getting harder to find online booksellers that aren’t owned b6 Amazon.  
    watto_cobra
  • Reply 7 of 18
    ravnorodomravnorodom Posts: 334member
    Every time I left honest reviews of fake or ripped-off (ex: empty bottle with no contents) products and Amazon removed mine. Only fake 5 stars reviews are approved. I learned that any branded products should be purchased from their original brand site to be safe.
    edited May 10 qwerty52watto_cobra
  • Reply 8 of 18
    AppleZuluAppleZulu Posts: 1,109member
    Short version: If you haven't participated in a review-for-payment scheme, you're probably o.k.
    watto_cobra
  • Reply 9 of 18
    charlesncharlesn Posts: 158member
    Amazon could stop this easily and I'm not sure why they don't. Why do I have to use a third party site like Fake Spot to analyze the overall credibility of reviews for a product? Surely Amazon could do the same and with greater accuracy. Then, in place of reviews, slap an "Unreliable Reviews" label on the product page. Sales of that product would plummet, and all the monetary incentive for fake reviews would vanish instantly. Problem solved.  

    Fake reviews--not to mention fake products--undermine Amazon's business. As it stands, there are many products I will not buy on Amazon from third party sellers when it's an item with a known history of counterfeits, which could be anything from razor blade cartridges to products from high end designers. I know that even when Amazon is the seller, it's not completely immune from counterfeit products, but at least I know that's unintentional and not part of its business model.

    I also will not buy any non-brand name product, even with great reviews, until after I check them through Fake Spot--it's not foolproof, to be sure, but it's better than nothing. The vast majority of times, I find that great reviews for non-brand names fail a Fake Spot analysis, and I'm always pleasant surprised when even a "B" rating is returned for accuracy. 
    watto_cobra
  • Reply 10 of 18
    melgrossmelgross Posts: 32,998member
    Amazon doesn’t care because as long as sales are made, what’s the difference to them?

    I just recently had a problem. I buy machine tools and measuring equipment for my shops. Mostly NOT from Amazon, but I do buy small stuff. I saw a listing for a small measurement tool from a high quality American manufacturer, PEC. It was for a blemished tool. Manufacturers often sell slightly blemished tools if the blemish is minor and doesn’t affect the tool other than for looks. Most tools become blemished shortly after you buy them anyway, so I thought I’d buy it. 

    When it came, it was another manufacturer’s tool, iGage. They produce inexpensive tools, probably just labeled for them generic Chinese stuff, but not bad for the price. But the Pec was priced at double what the iGage was, and costs double that as an unblemished version. I called Amazon after checking the reviews, and found that I wasn’t the only one that this was done to by that vendor, who sent me the tool under a different name. I told the person it was a scam, and that they should check it out. She didn’t seem to have any interest in doing that, and said she sent an e-mail to them to fix the problem. I said that fixing the problem for me wasn’t the problem, and that Amazon should investigate both company names that were involved. Nope! She just wanted them to resolve the issue with me over this one sale.

    the company did send me an e-mail saying they would refund me the money if I sent it back to them, using the e-mailed label. I said I wasn’t going to spend all that time doing it. They finally agreed to send me half my money, and I could keep the product. Now, they know that if they make good for that customer, no further action by Amazon will be taken. But several people who had been taken in by this didn’t seem aware that they could fix their problem, and that’s what scammers count on. Meanwhile, they did send a couple of people the right tool, to show that that’s what they really meant to do all the time.

    so sure, do we really think they care about the fake reviews? Ha!
    roundaboutnowviclauyycqwerty52FileMakerFeller
  • Reply 11 of 18
    sflocalsflocal Posts: 5,658member
    Considering how much money Amazon makes, paying for a dedicated department that does nothing but fight these fake reviews would be considered a rounding-error on their financials.  So it's inexcusable that Amazon doesn't declare an all-out war on these scammers.  It's in their best interests to clean this up.
    kurai_kagewatto_cobra
  • Reply 12 of 18
    melgrossmelgross Posts: 32,998member
    charlesn said:
    Amazon could stop this easily and I'm not sure why they don't. Why do I have to use a third party site like Fake Spot to analyze the overall credibility of reviews for a product? Surely Amazon could do the same and with greater accuracy. Then, in place of reviews, slap an "Unreliable Reviews" label on the product page. Sales of that product would plummet, and all the monetary incentive for fake reviews would vanish instantly. Problem solved.  

    Fake reviews--not to mention fake products--undermine Amazon's business. As it stands, there are many products I will not buy on Amazon from third party sellers when it's an item with a known history of counterfeits, which could be anything from razor blade cartridges to products from high end designers. I know that even when Amazon is the seller, it's not completely immune from counterfeit products, but at least I know that's unintentional and not part of its business model.

    I also will not buy any non-brand name product, even with great reviews, until after I check them through Fake Spot--it's not foolproof, to be sure, but it's better than nothing. The vast majority of times, I find that great reviews for non-brand names fail a Fake Spot analysis, and I'm always pleasant surprised when even a "B" rating is returned for accuracy. 
    The problem is that even brand names on Amazon aren’t free from this problem. A few years ago Apple was getting a lot of rechargers, cables and other small Apple branded products back under warranty. When they checked them, they found that almost all of them were fakes. They then started buying Apple accessories and other small Apple branded products from Amazon.

    the result? Apple made it public. At least 90% of Apple branded small products sold on Amazon were fakes! 90%, people. I suspect that’s where a lot of those trash Apple branded cables come from. And likely, it’s not just Amazon. Other places such as eBay, and even some major retailers are selling these fake products. I only buy Apple branded products direct from Apple, never anywhere else.

    but Belkin has been known to have this problem too. We’re even seeing major, trusted Chinese brands being copied by other Chinese companies with fake copies.
    muthuk_vanalingamwatto_cobra
  • Reply 13 of 18
    melgrossmelgross Posts: 32,998member
    sflocal said:
    Considering how much money Amazon makes, paying for a dedicated department that does nothing but fight these fake reviews would be considered a rounding-error on their financials.  So it's inexcusable that Amazon doesn't declare an all-out war on these scammers.  It's in their best interests to clean this up.
    Is it really? Can we show that their ever increasing sales and profits would be even bigger if they fixed this? I doubt it.

    the only thing that will force companies to stop allowing these problems is if it’s legislated. If Amazon, and other companies, such as eBay, Etsy and others are forced to pay the customer each and every time they have a problem with a scam, or fake review, then they would work out which was more expensive for them, fixing the basic problem, or paying customers the cost of the product.
    muthuk_vanalingam
  • Reply 14 of 18
    melgrossmelgross Posts: 32,998member
    If these people in this database are those that are being paid, in one way or another, for fake reviews, then they’re part of the problem, and are themselves part of a criminal enterprise, as such, I really don’t care if their info goes public. Maybe some think that’s harsh, but there has to be some kind of punishment for those who are doing this. These organizations couldn’t scam people with reviews if people didn’t work with them, and so, they’re just as guilty as those who run the operation.

    if this causes some people who do this, or who are thinking of doing this, from actually doing it, then it’s served some useful purpose.
    watto_cobra
  • Reply 15 of 18
    I've long taken an approach where I look at the overall rating distribution, examining reviews at each level, and then going out of my way to read through 1* reviews.  Picky people that experience non-starter issues are most likely to details their complaints as a 1* review, and more than once I've found issues glossed over by other more favorable reviews, that would have driven me nuts, so I passed on that product in favor of something else.
    muthuk_vanalingamwatto_cobra
  • Reply 16 of 18
    mknelsonmknelson Posts: 790member
    dysamoria said:
    I assume there will be no consequences. That’s why this crap keeps happening. There are even a lot of people who think this is perfectly fine, because “whatever it takes to win”...
    Other sites are reporting that several manufacturers have been removed from Amazon. Aukey is one.
    watto_cobra
  • Reply 17 of 18
    melgross said:
    If these people in this database are those that are being paid, in one way or another, for fake reviews, then they’re part of the problem, and are themselves part of a criminal enterprise, as such, I really don’t care if their info goes public. Maybe some think that’s harsh, but there has to be some kind of punishment for those who are doing this. These organizations couldn’t scam people with reviews if people didn’t work with them, and so, they’re just as guilty as those who run the operation.

    if this causes some people who do this, or who are thinking of doing this, from actually doing it, then it’s served some useful purpose.
    While I largely agree, I'd want to be certain that the email addresses are legitimately attached to a real person. Scraping websites, buying lists of email addresses... there's a lot of ways for someone's email address to end up in nefarious hands, and compromises do happen.
    watto_cobra
  • Reply 18 of 18
    melgrossmelgross Posts: 32,998member
    melgross said:
    If these people in this database are those that are being paid, in one way or another, for fake reviews, then they’re part of the problem, and are themselves part of a criminal enterprise, as such, I really don’t care if their info goes public. Maybe some think that’s harsh, but there has to be some kind of punishment for those who are doing this. These organizations couldn’t scam people with reviews if people didn’t work with them, and so, they’re just as guilty as those who run the operation.

    if this causes some people who do this, or who are thinking of doing this, from actually doing it, then it’s served some useful purpose.
    While I largely agree, I'd want to be certain that the email addresses are legitimately attached to a real person. Scraping websites, buying lists of email addresses... there's a lot of ways for someone's email address to end up in nefarious hands, and compromises do happen.
    It’s more than the e-mail address. I believe that it’s transactions between the company and individuals as well. But yes, I agree, that it should be just for those who were involved, and those who weren’t shouldn’t be outed for nothing. But these address were were on that company’s database for a reason.
    edited May 11 watto_cobra
Sign In or Register to comment.