Amazon's fake review organization reveals database leaks containing more than 200,000 personal information

Safety Detevtives, a security product review site, has announced that it has discovered a database of organizations that perform fake reviews on Amazon. This database contains interactions between sellers requesting fake reviews and their customers, including more than 200,000 email addresses and PayPal accounts.

Amazon Fake Reviews Scam Exposed in Data Breach

The database in question was found on ElasticSearch 's Chinese server, a distributed search engine. The database recorded 13 million exchanges equivalent to 7 GB, and it seems that it was published online without a password and without encryption.

The database included 232,664 Gmail addresses from sellers and reviewers, as well as contact details such as WhatsApp and Telegram numbers. In addition, it seems that 75,000 links to the Amazon account in charge of the review and personal information such as user name and PayPal account were also recorded.

Basically, the communication between the seller and the reviewer is done in Chinese, and it is thought that the company that owns the database is also in China. Safety Detevtives discovered a database breach on March 1, 2021, but was unable to identify the owner and notify the database breach, so it notified ElasticSearch on March 6 to protect the database. , The access from the outside was blocked.

According to SafetyDetevtives, sellers list products that they plan to get 5 stars in their reviews and send them to reviewers, who are 5 stars a few days after purchasing the product. I was posting a review on Amazon. Safety Detevtives points out that putting a few days between purchase and review is a workaround to prevent Amazon moderators from detecting fake reviews.

Then, after confirming that the 5-star review has been posted, the seller will refund the product price to the reviewer through PayPal. The refund process does not go through Amazon's platform, so you can request a 5-star review without being suspected by Amazon moderators.

It is thought that the exchange of this review request was distributed to various means such as email, Facebook, WhatsApp, etc. in order to prevent discovery, and a database for centralizing and centrally managing the exchange was discovered this time. That's what Safety Detevtives speculates.

Of course, fake reviews violate Amazon's Terms of Service, Amazon will cancel all seller accounts, delete all product pages, and Amazon will collect all uncollected sales revenue. In addition, Amazon may file proceedings against sellers who request fake reviews in its Terms of Service. In addition, reviewers who are conducting fake reviews may also be fined or imprisoned depending on the size and region.

Safety Detevtives also pointed out that the owner of the leaked database violates data protection laws and could be fined up to $ 7.6 million. It also contains the personal information of Amazon users in the United States and Europe, which could result in huge fines for database owners in accordance with their respective laws.

Safety Detevtives calls for you to be aware of the following to avoid being fooled by fake reviews:

・ Skeptical about extreme evaluation reviews
・ Doubt reviews that are difficult to read without using emotional words
・ A 5-star review that is bland and uses the same text as others is suspicious.
・ Be wary of reviews that are too short
・ Pay particular attention to brands you do not know
・ See the relationship between the review content and the product
・ Compare with low-rated reviews
・ Check the reviewer's account
・ Check the date before or a few days after the product is released to see if it has been reviewed.
Use sites such as 'Review Detective ' and ' Sakura Checker ' that can judge whether a review is a bad idea online.

in Web Service,   Security, Posted by log1i_yk