Data breach reveals scale of fake Amazon review network

An open source database has just revealed the scale of a network of fake reviews on Amazon. This database has indeed made public the identity of more than 200,000 people who appear to be involved in systems of false product evaluations on the platform of the giant of online commerce.

The American giant and sellers around the world are engaged in a constant battle to cripple their competitors and gain the advantage by generating false reviews on their products. This could be paying people to leave a complimentary review, or offering free items in exchange for a positive public review. How they operate and stay under Amazon’s radar varies, but an open ElasticSearch server has just exposed some of the inner workings of these systems.

Safety Detectives researchers revealed on Thursday that the server, both public and online, contained 7 GB of data and more than 13 million records that appear to be linked to a widespread scam based on posting fake reviews. The identity of the owner of the server is still unknown, but there are indications that the organization may be from China, due to messages written in Chinese that were leaked during the incident.

From 200,000 to 250,000 accounts involved

The database contained records of approximately 200,000 to 250,000 Amazon Marketplace users and sellers, including usernames, email addresses, PayPal addresses, links to Amazon profiles, and WhatsApp and Telegram numbers, as well as direct message recordings between customers happy to provide bogus reviews and traders willing to compensate them.

According to the Safety Detectives team, the leak could involve “more than 200,000 people”. The database, and the messages it contains, revealed the tactics used by questionable salespeople. One of these methods is for sellers to send a customer a link to the items or products they want 5-star reviews for, and the customer then makes a purchase.

A few days later, the customer leaves a positive feedback and sends a message to the seller, resulting in payment through PayPal – which can be a “refund” – while the item is kept free. Since refunds are not made on the Amazon platform, it is more difficult to detect fake paid reviews. The open Elasticsearch server was discovered on 1er March, but it was not possible to identify the owner. However, the leak was noticed and the server was secured on March 6.

A server of unknown origin

“The server could be owned by a third party reaching out to potential reviewers on behalf of the vendors [ou] the server could also belong to a large company with several subsidiaries, which would explain the presence of several suppliers ”, indicate the researchers. “What is clear is that the owner of the server could be subject to penalties under consumer protection laws, and whoever pays for these bogus reviews could be penalized for violating the terms of service of the server. ‘Amazon. “

Amazon’s product rating guidelines do not allow sellers to rate their own products or offer “financial reward, discount, free products, or any other compensation” in exchange for positive reviews – and that includes third party organizations. However, with Amazon being a leading online marketplace, it is likely that some sellers will continue to try to abuse the rating system to increase their income.

“We want Amazon customers to shop with confidence knowing that the reviews they are reading are genuine and relevant,” commented an Amazon spokesperson. “We have clear policies for both reviewers and sales partners that prohibit abuse of our community features, and we suspend, ban and take legal action against those who violate these policies. “

Source: .com

Back to top button