T.C. | An Internet database leak has uncovered a network of more than 200,000 people posting fake product reviews on Amazon in exchange for free product ratings. This was explained by the cybersecurity company SafetyDetectives, which discovered an open ElasticSearch database with a total of 13,124,962 records, weighing 7 GB, the researchers said in a statement.
The database contained a server that hosted direct messages between various Amazon sellers with 200,000 users who were willing to post fake reviews in exchange for free products. The sellers sent users a list of products for them to post days later with the highest rating, five stars, on the Amazon page.
After the publication of the positive review, users would send a message to the sellers, with their Amazon and PayPal account information, in order to receive a refund and be able to keep the products for free.
The refunds were carried out through PayPal and not through Amazon’s systems, and in this way the network avoided attracting the attention of the e-commerce platform’s moderators.
Among the 13 million records of between 200,000 and 250,000 people exposed in the leaked database are details of sellers such as their email accounts and phone numbers associated with WhatsApp or Telegram.
However, most of the information contained personal details of the users posting the reviews, including emails, 75,000 links to Amazon accounts, details about PayPal accounts and usernames that sometimes contained real names. In total 232,664 Gmail accounts were exposed.
The servers involved were located in China and the users affected by the leak were mainly from the United States and Europe. The database was exposed between the 1st and 6th of March 2021, when its providers re-secured it and made it inaccessible. SafetyDetectives has not been able to identify the owners of the fake rating network. Amazon, of course, claims to be unaware of the existence of such a practice.
