Artificial IntelligenceCryptocurrencyMetaverseCybersecurityTech Forward

Amazon Merchants Hit by Extensive Six-Month Fraud

May 8, 2019, 6:22 PM UTC
Hacker in front of the screen
ILLUSTRATION - ILLUSTRATION - The shadow of a man wearing a hoodie appears on the wall behind a laptop in Munich, Germany, 17 January 2018. Photo: Lisa Forster/dpa (Photo by Lisa Forster/picture alliance via Getty Images)
Picture Alliance via Getty Image Inc. was hit by an “extensive” fraud, revealing that unidentified hackers were able to siphon funds from merchant accounts over six months last year.

Amazon believes it was the victim of a “serious” online attack by hackers who broke into about 100 seller accounts and funneled cash from loans or sales into their own bank accounts, according to a U.K. legal document. The hack took place between May and October 2018, Amazon’s lawyers said in a redacted filing from November that can now be made public.

Amazon said it was still investigating the compromised accounts and believed that hackers managed to change details of accounts on the Seller Central platform to their own at Barclays Plc and Prepay Technologies Ltd., which is partly owned by Mastercard Inc., according to the filing.

The case highlights how the world’s biggest online retail platform — designed to be automated with minimal human input — can be misused and how difficult it is for Amazon to find perpetrators.

Lawyers for Amazon asked a London judge to approve searches of account statements at Barclays and Prepay, which “have become innocently mixed up in the wrongdoing,” it said.

An Amazon spokesman didn’t have an immediate comment. Representatives for Barclays and Prepay didn’t immediately return emails seeking comment.

Amazon needed the documents “to investigate the fraud, identify and pursue the wrongdoers, locate the whereabouts of misappropriated funds, bring the fraud to an end and deter future wrongdoing,” the company’s lawyers said in the court filing.

The filing doesn’t say how the suspected wrongdoers were able to add details of additional banks to the merchant accounts.

The Amazon units named in the filing include Amazon Capital Services U.K. Ltd., which makes loans available to sellers for up to one year. The first fraudulent transfer occurred on May 16, according to the filing.

Amazon said Tuesday that it issued more than $1 billion in loans to merchants in 2018. It’s unclear how much the hackers stole.

More must-read stories from Fortune:

—Trump used the same tax breaks as Amazon bring down his own IRS bill

—Warren Buffett Is Making an Unusual Bet on Amazon—Finally

—Why rideshare drivers are going on strike

—The 9 biggest IPOs of all time

—The uncomfortable truth about going public with a money-losing business

Follow us on Flipboard to stay up-to-date on the latest news and analysis