 "Amazon hit by extensive fraud: Hackers stole money from 100 seller accounts")
Amazon.com Inc. said it was hit by an "extensive" fraud, revealing that unidentified hackers were able to siphon funds from merchant accounts over six months last year.
Amazon believes it was the victim of a "serious" online attack by hackers who broke into about 100 seller accounts and funneled cash from loans or sales into their own bank accounts, according to a UK legal document. The hack took place between May 2018 and October 2018, Amazon’s lawyers said in a redacted filing from November that can now be made public.
Amazon said it was still investigating the compromised accounts and believed that hackers managed to change details of accounts on the Seller Central platform to their own at Barclays Plc and Prepay Technologies Ltd., which is partly owned by Mastercard Inc., according to the filing. Amazon found the accounts were likely compromised by phishing techniques that tricked sellers into giving up confidential login information.
An Amazon spokesman said the company had finished its investigation of the incident.
The case highlights how the world’s biggest online retail platform -- designed to be automated with minimal human input -- can be misused and how difficult it is for Amazon to find perpetrators.
Lawyers for Amazon asked a London judge to approve searches of account statements at Barclays and Prepay, which "have become innocently mixed up in the wrongdoing.”
A spokesman for Barclays declined to comment specifically on the the case, but said the bank tries to quickly close accounts used by criminals to help protect customers. Representatives for Prepay didn’t return emails seeking comment.
Amazon needed the documents “to investigate the fraud, identify and pursue the wrongdoers, locate the whereabouts of misappropriated funds, bring the fraud to an end and deter future wrongdoing," the company’s lawyers said in the court filing.
The filing doesn’t say how the suspected wrongdoers were able to add details of additional banks to the merchant accounts.
The Amazon units named in the filing include Amazon Capital Services UK Ltd., which makes loans available to sellers for as long as one year. The first fraudulent transfer occurred on May 16, according to the filing.
Amazon said Tuesday that it issued more than $1 billion in loans to merchants in 2018. It’s unclear how much the hackers stole.
One subscription. Two world-class reads.
Already subscribed? Log in
Subscribe to read the full story →*Subscribe to Business Standard digital and get complimentary access to The New York Times
Smart Quarterly
₹900
3 Months
₹300/Month
SAVE 25%
Smart Essential
₹2,700
1 Year
₹225/Month
SAVE 46%
*Complimentary New York Times access for the 2nd year will be given after 12 months
Super Saver
₹3,900
2 Years
₹162/Month
Subscribe
Renews automatically, cancel anytime
Here’s what’s included in our digital subscription plans
Exclusive premium stories online
Over 30 premium stories daily, handpicked by our editors
Complimentary Access to The New York Times
News, Games, Cooking, Audio, Wirecutter & The Athletic
Business Standard Epaper
Digital replica of our daily newspaper — with options to read, save, and share
Curated Newsletters
Insights on markets, finance, politics, tech, and more delivered to your inbox
Market Analysis & Investment Insights
In-depth market analysis & insights with access to The Smart Investor
Archives
Repository of articles and publications dating back to 1997
Ad-free Reading
Uninterrupted reading experience with no advertisements
Seamless Access Across All Devices
Access Business Standard across devices — mobile, tablet, or PC, via web or app
SAVE 25%