Misconfigured Database Exposes 200K Fake Amazon Reviewers
A misconfigured database has allegedly exposed a coordinated scheme by Amazon vendors to boost product ratings through utilizing fake accounts and reviews. Security researchers at SafetyDetectives located a China-based Elasticsearch server that was exposed to the public online, lacking any password protection or encryption. After looking further into the exposed database, the researchers found that the trove contained over 13 million records including details such as email addresses, WhatsApp/Telegram phone numbers of vendor contacts, and surnames, PayPal account details, and Amazon account profiles of fake reviewers.
According to Safety Detectives, the fake review scams traditionally begin with vendors sending their reviewer contacts lists of products for which they are attempting to procure five-star reviews. After posting the reviews, the commenter will be paid through PayPal to compensate them for the product purchase and will be allowed to keep the product itself as well. According to the exposed database, it seems that roughly 200,000 individuals were implicated in this scheme. SafetyDetectives discovered the database on March 1, and it was secured a week later. The security researchers were unable to track down the database’s owner.