Home News Amazon India suffers data breach; sellers’ financial information exposed

Amazon India suffers data breach; sellers’ financial information exposed


E-commerce giant Amazon has again suffered another technical glitch on its India portal that affected its sellers and vendors. The Seattle-based e-tailer stated that a bug in its website caused a data breach on January 08, 2019, that exposed sensitive financial information, including sales, category-wise split and inventory data of its sellers and vendors. Having around 400,000 online vendors and sellers across the country, Amazon said the issue was resolved within a few hours, but, the exact figure of affected members is not yet discovered.

The issue came to light after some Amazon vendors reported that they received incorrect data while downloading their Merchant Tax Reports (MTR) from the portal. It has been said that data of some sellers were visible to other competing sellers. An MTR statement holds information of all the order transactions processed by a seller on the e-commerce platform, which is usually downloaded from the portal between 8th-10th of every month.

Amazon faced a similar issue in November 2018. The company reported a technical error that exposed users’ personal information like names and email addresses. In an email sent to its customers, Amazon Customer Service cautioned that the company unintentionally exposed the users’ data due to a technical error. However, the Seattle-based e-tailer has not yet disclosed any details about the error.

Most of the customers who received the email speculated it was a scam or some kind of a phishing attack until Amazon’s UK press office confirmed the incident. “We have fixed the issue and informed customers who may have been impacted,” Amazon stated in a press note.

Also, in August 2018, a security team from Tencent Blade exposed new security vulnerabilities around Amazon Echo smart speakers. Researchers Wu HuiYu and Qian Wenxiang gave a live demonstration at the DEFCON security conference on how to hack a smart speaker. The researchers hacked the speaker by adding a malicious device embedded with an attack program. They notified Amazon of their findings before the presentation, and Amazon has already pushed a security patch to fix the issues.