By now, most of us probably suspect that fake reviews on internet shopping sites are a real thing. Whether it’s being offered so-called “free product trials” after buying something or encountering a review that makes the product sound a little too good to be true, it’s easy to assume that fake reviews happen. Today, however, a new security breach is giving us a better idea of just how widespread this might be.
Earlier this year, the folks over at SafetyDetectives discovered an open ElasticSearch database that contained what they call a “treasure trove” of messages between Amazon vendors and Amazon customers regarding fake reviews. The vendors in question typically offered free products in exchange for positive reviews, and in all, SafetyDetectives says that as many as 200,000 people are implicated by the data breach.
More than 13 million records comprising 7GB of data were revealed by this ElasticSearch server, which was closed and secured several days after SafetyDetectives discovered it in early March. SafetyDetectives says that it was unable to identify the owner of that server, making it impossible to alert them that the server was sitting wide open. It’s clear, however, that the server contained communications between several different vendors and customers – not just a single vendor.
Information that was leaked includes email addresses along with WhatsApp and Telegram phone numbers belonging to vendors. Customer data that was leaked includes 75,000 Amazon profile and account links of those who were selling reviews, PayPal email addresses, email addresses, and “Fan names” that could include the first names and surnames of users.
Instead of communicating through Amazon, vendors and the people selling reviews would often communicate through other messaging apps. Review sellers, it seems, were often instructed to purchase the product from Amazon and wait a few days before publishing a positive review of it, often with instructions from the vendor regarding what to say and how to make the review seem credible. After that, they were promised a refund on the purchase price of the item – which was often carried out through PayPal to avoid using Amazon’s systems – and were allowed to keep the item in exchange for their positive review.
Obviously, this has some pretty big implications for vendors and Amazon users who were participating in fake reviews, as accounts for both could be terminated and fines could be levied depending on where in the world these vendors and reviewers are based. If you have a moment, be sure to read through SafetyDetectives’ full report on this data breach, because there’s a lot of good information there – including tips on how to spot fake reviews on Amazon.