- Jun 9, 2013
- 6,720
Amazon’s ever-growing community of third-party sellers is being targeted by hackers, who are using stolen credentials to steal tens of thousands of dollars from the victims.
Amazon has more than two million sellers on the site accounting for more than half of its sales, according to the Wall Street Journal—and more than 100,000 of those gross more than $100,000 annually.
Hackers are using stolen credentials bought on the Dark Web from earlier data breaches to break into seller accounts. Once in, they can change the bank-deposit information for the account to siphon off sales. They’re also post “deals” on Amazon that are anything but—the merchandise advertised is nonexistent. The bad guys offer four-week shipping, hoping to get paid before Amazon (or the recipient) cops onto the fraud.
“The Amazon hack is an example of how identity has become the new attack vector, and hackers are all over that fact—taking stolen credentials from one breach and using them to access another website, all because a person chose to reuse a password across multiple sites,” said SailPoint president and co-founder Kevin Cunningham, via email. “This illustrates an interesting ‘chaining’ or ‘domino effect’ that data breaches can have across multiple organizations.”
Full Article. Hackers Count on Password Reuse in Amazon Third-Party Seller Campaign
Amazon has more than two million sellers on the site accounting for more than half of its sales, according to the Wall Street Journal—and more than 100,000 of those gross more than $100,000 annually.
Hackers are using stolen credentials bought on the Dark Web from earlier data breaches to break into seller accounts. Once in, they can change the bank-deposit information for the account to siphon off sales. They’re also post “deals” on Amazon that are anything but—the merchandise advertised is nonexistent. The bad guys offer four-week shipping, hoping to get paid before Amazon (or the recipient) cops onto the fraud.
“The Amazon hack is an example of how identity has become the new attack vector, and hackers are all over that fact—taking stolen credentials from one breach and using them to access another website, all because a person chose to reuse a password across multiple sites,” said SailPoint president and co-founder Kevin Cunningham, via email. “This illustrates an interesting ‘chaining’ or ‘domino effect’ that data breaches can have across multiple organizations.”
Full Article. Hackers Count on Password Reuse in Amazon Third-Party Seller Campaign
