A misconfigured database has reportedly exposed what appears to be a major coordinated scheme by Amazon vendors to generate fake reviews for their products. A China-based server exposed a scheme involving at least 200,000 people leaving fake five-star reviews for products on the site.
InfoSecurity reports that a misconfigured database has exposed what appears to be a major coordinated effort by Amazon vendors to procure fake reviews for their products. A team at AV reviews site SafeyDetectives found that the China-based Elasticsearch server exposed completely online without any password protection or encryption.
A 7GB database collection of 13 million records including the email addresses, phone numbers, PayPal account details, Amazon account profiles of reviewers as well as the email addresses and Whatsapp/Telegram phone numbers of vendor contacts.
SafetyDetectives claims that fake review scams take place when vendors send their reviewers a contact list of products, instructing the reviewers to rate the product five stars. After leaving the review and sending the vendor a link to prove the review has been posted, vendors pay the reviewer via PayPal.
The review site alleges that the leak implicates around 200,000 individuals in similar schemes. The SafetyDetectives team discovered that the database in March and it was secured shortly after.
The SafetyDetectives team stated:
Given the extent of the records and vendors included in the database, it’s possible that the server is not owned by the Amazon vendors running the scam. The server could be owned by a third party that reaches out to potential reviewers on behalf of the vendors.
Third parties might post a picture of the product in a Facebook or WeChat group, asking for reviews in return for free products. The server could also be owned by a large company with several subsidiaries, which would explain the presence of multiple vendors. What’s clear is that whoever owns the server could be subject to punishments from consumer protection laws, and whoever is paying for these fake reviews may face sanctions for breaking Amazon’s terms of service.
Read more at InfoSecurity here.
Lucas Nolan is a reporter for Breitbart News covering issues of free speech and online censorship. Follow him on Twitter @LucasNolan or contact via secure email at the address email@example.com