top of page


  • Chris Bratton - Tech Journalist

Thousands of fake Amazon review and database exposed

There are plenty of services exposed throughout the years that reveals service reviews. Large organisations hold hundreds and thousands of people under their wings who write fake reviews and we are not new in this scene. A recent data breach exposed thousands of fake reviews on Amazon. It was an unsecured database that managed to find its way to cybersecurity researchers.

Due to an open database breach, over 200,000 people got exposed to this scheme. Amazon fraudulent product review scheme doesn’t come as a surprise due to many products introduced to the platform every day. E-commerce battles are great, and many large companies pay huge money to do more business than the competition. But to compare with Amazon is not an easy task. One of the thoughts behind it is that competing e-commerce platforms are doing shady things. As Googles, new term contains, it will degrade the ranking algorithm for fraudulent data repetition.

The news spread on May 7th; reviewers receive the products for free in exchange for a five-star review. After the public feedback is complete, customers are paid in private, mainly through PayPal. It was previously recorded for a small number of products, but this time, cybersecurity teams proved and announced it in front of the world. It is not possible to hide this kind of shady behaviour under Amazon’s radar. As the market is thriving for a long time, there is no space to fill it with activities that may hamper the healthy environment. Data was captured from an open ElasticSearch server.

SafetyDetectives cybersecurity team published news on the breach. The exposed server contained a treasure trove of messages. Those are direct messages between customers and Amazon vendors. Most of them were related to receiving free product in exchange for a review. Almost 7 GB of data has been collected, and it has 13,124,962 records. More than 200,000 people are affected by this breach, according to them.

The outcome from open ElasticSearch falls under the “fake review” of products category. Buyers had to write a review on the merchandise after receiving it in a few days. Once done, fake reviewers would send their amazon profile link alongside PayPal details. Once the review is posted, they are paid, and the product is kept free. They are refunding the money, which is making reviews look legitimate.

Data Leak

We learned 13 million records were found with user email, location, phone number, ID name, and payment details. Series of fake reviews done via duplicate accounts and product interactions have also been recorded. In total, 75,000 Amazon profiles are exposed in a JSON file. It is possible to retrieve those accounts using the security information on the data dump.

“The server appeared to be located in China”, Cybersecurity researchers said, and “it is thought the leak affected citizens from Europe and the USA at a minimum.” Refund payments are made automatically in Amazon, making it harder to track similar fraudulent activity quickly. Vendors and reviews were written in Chinese, experts said, and it’s why they think the owners are also from China. ElasticSearch discovered the initial breach on March 1st, but they announced it to the public after securing the data after a few days. Outside parties are blocked from accessing the server. There are plenty of Amazon vendors running similar scams. It is also possible that large companies owned the server and are behind the action.

The review moderation team is running filters to avoid this type of incident further. Fake reviews are part of the reason why people still judge online marketplace.

The vendors use professional wording in communication mediums to avoid detection and avoid keywords that might trigger the whole operation. All means of flagging the protocols have been avoided brilliantly. Many of these vendors offer professional services as they would just send in the product and even write an excellent review of the product. Most reviewers know what they are getting into, and some aren’t.

Server owners have committed several fraudulent activities. They will receive misleading marketing material and damage to business offence punishment. According to Amazon’s terms and service agreement, they may choose to pursue legal action. GDPR protects damage to European citizens. They can charge up to $100 million against the organisations.

Furthermore, those who use online marketplace services should be careful before judging a product only by reviews. Checking usernames and appropriate reporting on a suspect is a good way to notice authority. For cross-checking, reviews account, relevancy, patterns etc., are vital signs.


bottom of page