The identities of over 200,000 people who appear to be participating in Amazon fraudulent product review schemes have been exposed by an open database.
There is an ongoing struggle between the e-commerce giant and shady traders all over the world who want to hamstring rivals and gain an advantage by creating fake product feedback. The ways in which they function and remain under Amazon's radar differ, but an open ElasticSearch server has revealed some of their inner workings.
Researchers from Safety Detectives reported on Thursday that the server, which was open to the public and accessible online, held 7GB of data and over 13 million documents appeared to be connected to a widespread fake review scam.
It is unknown who owns the server, but due to messages written in Chinese that were leaked during the incident, there are indications that the company might be based in China.
The database includes the user names, email addresses, PayPal addresses, links to Amazon accounts, and both WhatsApp and Telegram numbers, which also included records of direct messages between consumers willing to provide false reviews and traders willing to pay them.
The leak may implicate "more than 200,000 people in unethical activities," according to the team.
The database, as well as the messages it included, exposed the strategies used by suspicious sellers. One approach involves sending a customer a connection to the goods or products for which they want 5-star ratings, and the customer then makes a purchase.
After a few days, the customer leaves a positive review and sends a message to the vendor, which will result in payment via PayPal — which could be a 'refund,' while the item is kept for free. It's more difficult to spot fraudulent, paid reviews because refund payments are held off the Amazon website.
On March 1, an open ElasticSearch server was discovered, but the owner could not be identified. On March 6, however, the leak was detected and the server was secured.
"The server could be owned by a third-party that reaches out to potential reviewers on behalf of the vendors [or] the server could also be owned by a large company with several subsidiaries, which would explain the presence of multiple vendors," the researchers speculated. "What's clear is that whoever owns the server could be subject to punishments from consumer protection laws, and whoever is paying for these fake reviews may face sanctions for breaking Amazon's terms of service."
Vendors are not allowed to review their own goods or receive a "cash incentive, discount, free products, or other compensation" in exchange for positive reviews, according to Amazon's spokesperson and review policy which includes third-party organizations. However, since Amazon is such a popular online marketplace, it's likely that some vendors will continue to try to take advantage of review systems in order to increase their profits.
"We want Amazon customers to shop with confidence, trusting that the reviews they read are genuine and appropriate," a spokesperson for the company said. "We have clear policies for both reviewers and selling partners that forbid the misuse of our community features, and we suspend, ban, and taint people who break them," states the company.
