Affiliate Disclosure
If you buy through our links, we may get a commission. Read our ethics policy.

Over 200,000 people affected by Amazon review scam data leak

A database used to operate an Amazon fake reviews scam has leaked in a data breach, with the data trove revealing personal data for at least 200,000 people.

The reviews on Amazon have been plagued by fake reviews for quite some time, with fictional high-scoring testimonials propping up the score of products to make them look good on the online retailer's pages. A data breach allegedly shows some of the workings behind one of the scams, as well as hinting at the scale of the problem.

The scam operates by Amazon vendors sending lists of products to reviewers that they wish to receive a five-star review for. The reviewers then buy the items and provide a five-star "review" for it on Amazon.

The reviewer then sends a message back to the vendor, containing a link to their Amazon profile and PayPal details. The reviewer then receives the refund, and gets to keep the product they "reviewed" as payment, as well as an extra cash reward in some cases.

Security researchers from SafetyDetectives uncovered an open ElasticSearch database linked to one such operation on March 1, 2021. More than 13 million records, the equivalent of 7 gigabytes of data, were hosted in the open, without any form of password protection or encryption.

The database included email addresses as well as WhatsApp and Telegram phone numbers for vendors taking part in the scam. Messages linked to reviewers had directly and indirectly identifiable personal data, including over 75,000 links to Amazon accounts and profiles, PayPal account email addresses, other email addresses, and "fan names" believed to be usernames, but could contain names and surnames.

Vendors were also provided email addresses of reviewers to contact, including 232,664 Gmail addresses, though that also includes duplicates. In total, including Amazon vendors compromised via contact details, it is estimated by the researchers that between 200,000 and 250,000 people were affected.

While the server was based in China, it seems the leak may have primarily affected Europe and the United States, though the details could easily apply to any country in the world. The owner of the server is unknown, but it is anticipated that if discovered, they could be subject to punishments from consumer protection laws.

Vendors paying for fake reviews may also face sanctions from Amazon itself for breaking its terms of service. Individuals reviewing products could face penalties, depending on their country of residence and whether law enforcement or regulators are interested in prosecution.

Fake reviews are a major problem for any digital storefront, and this includes Apple. In February, a wave of fake reviews prompted criticism of Apple for not doing enough to combat them, while in April, one app scam was found to be grossing over $1 million in revenue per month.

Stay on top of all Apple news right from your HomePod. Say, "Hey, Siri, play AppleInsider," and you'll get latest AppleInsider Podcast. Or ask your HomePod mini for "AppleInsider Daily" instead and you'll hear a fast update direct from our news team. And, if you're interested in Apple-centric home automation, say "Hey, Siri, play HomeKit Insider," and you'll be listening to our newest specialized podcast in moments.



18 Comments

dysamoria 12 Years · 3430 comments

I assume there will be no consequences. That’s why this crap keeps happening. There are even a lot of people who think this is perfectly fine, because “whatever it takes to win”...

Xed 4 Years · 2896 comments

dysamoria said:
I assume there will be no consequences. That’s why this crap keeps happening. There are even a lot of people who think this is perfectly fine, because “whatever it takes to win”…

Any consequences will be inconsequential so long as users don't don't care. It's been difficult, but I've mostly been able to remove Amazon sales from my life over the last couple years except for the most esoteric items.

GeorgeBMac 8 Years · 11421 comments

Xed said:
dysamoria said:
I assume there will be no consequences. That’s why this crap keeps happening. There are even a lot of people who think this is perfectly fine, because “whatever it takes to win”…
Any consequences will be inconsequential so long as users don't don't care. It's been difficult, but I've mostly been able to remove Amazon sales from my life over the last couple years except for the most esoteric items.

I've gone the opposite direction.   Trying to stay safe during this pandemic I've been avoiding brick & mortar stores and, for the first time, opened a prime account.   I've used it for a number of things -- but bulk food (coffee, steel cut oats, etc.) have been the most repetitive.

But, EBay remains my go to.   I just got a part for my lawnmower that would have been difficult or impossible to get anywhere else.

And, right now I'm shopping for some upgrades to home theater system.

neverindoubt 16 Years · 120 comments

I discovered Fakespot (iOS app and javascript bookmark for desktop) some time ago.

It analyzes the quality of Amazon reviews.

I've been pleased with my purchase experience since I began using it.

Easy to use, but as with all things, your mileage may vary.

6502 10 Years · 382 comments

I've gotten free products that I've left positive reviews for. They sent me the products before I left the review, so I could have said anything (but probably would not have been invited back if I left a bad review). The products were good and I left honest reviews.