- Looking for an AI-powered website builder? Here's your best option in 2025
- My favorite Memorial Day TV deals 2025: Big-screen TVs are up to $5,000 off
- How to create a drop-down list in Excel and save yourself hours of time
- 5 essential gadgets for my bedtime routine (and why they make such a big difference)
- How to clear your TV cache (and why you shouldn't wait to do it)
Misconfigured Database Exposes 200K Fake Amazon Reviewers
A misconfigured database has exposed what appears to be a major coordinated scheme by Amazon vendors to procure fake reviews for their products.
At team at AV reviews site SafetyDetectives found the China-based Elasticsearch server exposed online without any password protection or encryption.
The 7GB trove contained over 13 million records including the email addresses and WhatsApp/Telegram phone numbers of vendor contacts, plus email addresses, surnames, PayPal account details and Amazon account profiles of reviewers.
According to SafetyDetectives, fake review scams typically begin with vendors sending their reviewer contacts a list of products for which they would like a five-star review.
After leaving the review and sending the vendor a link, the reviewer will be paid via PayPal to compensate them for the product purchase and will be allowed to keep the product itself as payment. The reviews site claimed that the leak implicated around 200,000 individuals in such schemes.
The SafetyDetectives team discovered the database on March 1 and it was secured around a week later, although the researchers weren’t able to track down its owner.
“Given the extent of the records and vendors included in the database, it’s possible that the server is not owned by the Amazon vendors running the scam. The server could be owned by a third party that reaches out to potential reviewers on behalf of the vendors,” it explained.
“Third parties might post a picture of the product in a Facebook or WeChat group, asking for reviews in return for free products. The server could also be owned by a large company with several subsidiaries, which would explain the presence of multiple vendors. What’s clear is that whoever owns the server could be subject to punishments from consumer protection laws, and whoever is paying for these fake reviews may face sanctions for breaking Amazon’s terms of service.”
There’s also a potential data security and identity fraud risk for those whose information was exposed in the privacy snafu, SafetyDetectives warned.
