UK legal documents obtained by Bloomberg show that e-commerce titan Amazon fell prey to “extensive” fraud that allowed cybercriminals to obtain access to around 100 seller accounts and transfer cash into their bank accounts, with the company confirming to the news agency that it had completed an investigation into the incident.
Amazon lawyers wrote in the document that they believe the fraud took place over a time period from May 2018 to October 2018, with attackers managing to change banking credentials associated with Seller Central accounts to ones they controlled at Barclays Plc and Prepay Technologies Ltd., Bloomberg reported. From there it was simply a matter of initiating transactions to drain the accounts, with the stolen cash coming from both sales proceeds and Amazon-backed business loans.
In the documents, Amazon attorneys requested a London judge to allow searches of statements for the Barclays and Prepay accounts. They acknowledged that the two institutions “have become innocently mixed up in the wrongdoing,” Bloomberg wrote, but added such access was necessary “to investigate the fraud, identify and pursue the wrongdoers, locate the whereabouts of misappropriated funds, bring the fraud to an end, and deter future wrongdoing.”
Amazon’s legal team wrote in the documents that they believed information necessary to break into the accounts was obtained via phishing attacks. Thus the incident is not necessarily due to any vulnerability in Amazon’s systems. It’s not clear how much money was stolen (though it was presumably a lot).
Amazon has had a contentious relationship with some third-party merchants on its platform, with complaints of one-sided contracts, disputes over ads for products that don’t make Amazon money, and a reports of a viciously cutthroat environment where merchants compete for digital real estate and Amazon makes summary judgments with an iron fist.
Vendors have reported incidents of Amazon pushing them out of the third-party Marketplace, where they can control prices, into vendor roles in its wholesale supply chain (and vice versa). Other reports have indicated that Amazon has launched investigations of whether its own employees have sold sensitive business data on the side to merchants looking to game the system. With the possibility of the company facing antitrust action at some point seemingly growing, Amazon and its CEO Jeff Bezos have at times appeared to be on the defensive, touting robust Marketplace sales as evidence it is not too powerful.