Amazon found the accounts were likely compromised by phishing techniques that tricked sellers into giving up confidential login information.
Amazon.com
Inc. said it was hit by an "extensive" fraud, revealing
that unidentified hackers were able to siphon funds from merchant
accounts over six months last year.
Amazon
believes it was the victim of a "serious" online attack by
hackers
who broke into about 100 seller accounts and funneled cash from
loans or sales into their own bank accounts, according to a UK legal
document. The hack took place between May 2018 and October 2018,
Amazon’s lawyers said in a redacted filing from November that can
now be made public.
Amazon
said it was still investigating the compromised accounts and believed
that hackers managed to change details of accounts on the Seller
Central platform to their own at Barclays Plc and Prepay Technologies
Ltd., which is partly owned by Mastercard Inc., according to the
filing. Amazon found the accounts were likely compromised by phishing
techniques that tricked sellers into giving up confidential login
information.
An
Amazon spokesman said the company had finished its investigation of
the incident.
The
case highlights how the world’s biggest online retail platform --
designed to be automated with minimal human input -- can be misused
and how difficult it is for Amazon to find perpetrators.
Lawyers
for Amazon asked a London judge to approve searches of account
statements at Barclays and Prepay, which "have become innocently
mixed up in the wrongdoing.”
A
spokesman for Barclays declined to comment specifically on the the
case, but said the bank tries to quickly close accounts used by
criminals to help protect customers. Representatives for Prepay
didn’t return emails seeking comment.
Amazon
needed the documents “to investigate the fraud, identify and pursue
the wrongdoers, locate the whereabouts of misappropriated funds,
bring the fraud to an end and deter future wrongdoing," the
company’s lawyers said in the court filing.
The
filing doesn’t say how the suspected wrongdoers were able to add
details of additional banks to the merchant accounts.
The
Amazon units named in the filing include Amazon Capital Services UK
Ltd., which makes loans available to sellers for as long as one year.
The first fraudulent transfer occurred on May 16, according to the
filing.
Amazon
said Tuesday that it issued more than $1 billion in loans to
merchants in 2018. It’s unclear how much the hackers stole.
No comments:
Post a Comment