Bank accounts of nearly 100 Amazon merchants hacked in a 'serious' online fraud

Amazon merchant fraud occurred between May and October last year

Amazon is believed to have been the latest victim of an extensive fraud campaign that led to the hacking of bank accounts of nearly 100 Amazon merchants.

The fraud occurred between May and October last year, according to Bloomberg, enabling hackers to transfer funds from merchant accounts. The report is based on redacted UK legal documents filed by Amazon in November 2018.

While specific details of the scam are not yet available, the documents suggest that hackers exploited sellers' accounts and replaced credentials stored on the Seller Central platform with accounts at Barclays Plc and Prepay Technologies Ltd.

The first fraudulent transaction was carried out on 16 May 2018, as per the filing.

Amazon said it is currently investigating the scam.

AI & Machine Learning Live is returning to London on 3rd July 2019. Hear from the Met Office's Charles Ewen, AutoTrader lead data scientist Dr David Hoyle and the BBC's Noriko Matsuoka, among many others. Attendance is free to qualifying IT leaders and senior IT pros, but places are limited, so reserve yours now.

It is yet unclear how the criminals succeeded in changing bank details of the seller accounts, but Amazon believes that sellers may have fallen prey to a phishing attack and provided their private account details to hackers.

Amazon lawyers have now asked a judge in London court to allow searches of account statements at Prepay and Barclays in the hope of finding out more information about the fraud, identifying the criminals, trace the misappropriated funds transferred into hackers' accounts, and deter criminals from future wrongdoings.

Amazon units mentioned in the legal filing include Amazon Capital Services UK, according to Bloomberg. Amazon Capital Services provides loans to merchants for up to one year. Last year, the company provided over $1 billion in loans to sellers, as per a report by Amazon.

The incidents highlight how even the largest online retail platform in the world can be exploited by cyber-criminals and how difficult it can be for the company to identify the culprits.

In a statement, Barclays told Bloomberg that it takes all necessary steps to protect customers from online fraud and also tries to quickly freeze accounts that it believes are being used for cyber crime.

Prepay didn't immediately respond to a request for comment on this particular incident.