Major Data Breach Exposes Amazon Fake Reviews Scheme

By Page.One Team | May 20, 2021 | Amazon News
amazon fake reviews scheme Page.One Blog

Collecting reviews is a common and necessary practice for selling well online, but especially on Amazon.

Many customers make their final purchase decision based on reviews. When you’re on Amazon, the emphasis on brand is low. So, prospects have no other choice but to focus mostly on images, reviews, and copy.

With reviews playing such a significant role in sales success, it attracts fraudulent activity. For a long time, and still today, Amazon and other online retailers struggled with fighting fraudulent reviews.

Amazon has changed its review policies over the years to preserve the authenticity of reviews on its platform. They even went as far as creating a review program called the Early Reviewer Program (which was recently discontinued) to help sellers get a boost in reviews while following terms of service. Unfortunately, some sellers have continued to opt for the black-hat ways of getting reviews.

Common black-hat methods of getting reviews include offering free or heavily discounted products in exchange for a review and offering to refund the original purchase.

Amazon terms of service clearly state that incentivizing reviews is not allowed:

incentivizing reviews Amazon terms

Still, recently, despite Amazon’s continued revision and reinforcement of their review, a major data leak exposed millions of records showing sellers and customers involved in an organized Amazon fake review scheme.

In today’s article, we’re going to break down the details of what was found in the leak and outline the possible consequences the parties involved may face.

The Facts Behind The Breach

On March 1st (2021), a cybersecurity team connected with the cybersecurity review website SafetyDetectives.com found an unsecured server on the ElasticSearch database. The team monitored the server for several days before it was locked on March 6th.

The cybersecurity team wasn’t able to identify the owner of the server, but messages written in Chinese were found, which has them wondering if the server owner resides in China. Either way, the leak contains data from the U.S. and Europe.

In total, 13 million records were found. The data implicate over 200,000 people—both sellers and customers. The records include contact information like email addresses and phone numbers, 75,000 links to Amazon accounts and profiles, PayPal account information, messages, and usernames.

Apparently, the way the scheme worked is that the sellers would send reviewers a list of products they wanted a 5-star review on.

Then, the reviewers purchased the products on Amazon and left their 5-star reviews on the product listing. Sometimes the reviewers were given extra guidelines to follow like meeting a word count, using certain language, and adding a photo or video.

These extra guidelines are given to make the reviews look authentic and to reduce flagging from Amazon’s review algorithm.

Then, once the review was posted, the reviewers would send their Amazon reviewer profiles and PayPal details to the seller. The seller would refund the cost of the product via PayPal, and sometimes include an extra financial compensation on top.

Here’s an example—not from the breach—of what a communication like this may look like:

communication sample

Now, when something like this happens, it leaves the Amazon seller community wondering what happens next. Well, in the remainder of this article, we’re going to cover the possible consequences each party involved in this data breach may face.

The Consequences for Reviewers

Some sources speculate that reviewers can face major consequences for participating in the fake review scheme. This might be true in some cases, but it may be hard to determine if the reviewer knew they were breaking the law.

In past instances of exposed fake review schemes, Amazon appeared more focused on going after the sellers than the reviewers. Typically, the consequence for the reviewers was either a review ban or an account ban.

If the reviewers knowingly participated in breaking deceptive marketing laws, and they’ve done it for some time, then according to SafetyDetectives, depending on where they live, they may be subjected to fines as high as $10,000.

The Consequences for Sellers

When a seller starts selling on Amazon, they agree to Amazon’s terms of service. That means, the sellers identified in this breach could easily have their reviews removed and/or frozen, product listing removed, pending earnings withheld, their Amazon account terminated, or even face a lawsuit.

Amazon aside, sellers could also face lawsuits from the Federal Trade Commission (FTC) for deceptive marketing. In the U.S., penalties could be in the millions.

Recently, several popular technology brands suddenly had all their Amazon listings deactivated. Some are speculating that they may have been found to be part of this review scheme.

Here’s the storefront of one of the stores rumored to be affected:

amazon fake review rumored sample

Notice that all their product listings now say, “currently unavailable.”

Whether a seller was a part of the ElasticSearch database breach or not, Amazon says:

“We use powerful machine learning tools and skilled investigators to analyze over 10MM review submissions weekly, aiming to stop abusive reviews before they are ever published.”

While some sellers may have gotten away with breaking Amazon’s review policies for a while, with this latest breach, it’s likely to become harder for them to skirt the system.

The Consequences for The Server Owner

If the server owner is identified, they could face major legal consequences due to breaking consumer data protection laws.

According to SafetyDetectives, if the server is based in China, the server owner could face fines of up to $7.6 million—or 5% of company profits in the prior year. If the server is based in Europe, the fine can be nearly 20 million Euros—or 4% of the company income. If the server is based in the U.S., the server owner could face fines of up to $100 million.

SafetyDetectives cybersecurity team do not know whether hackers had access to the server, but if they did, that could pose even more issues—like phishing attacks, blackmail, identity theft, etc.—for the people involved in the review scheme.

Wrapping Up

When these review schemes get exposed, it only further complicates the Amazon landscape. Amazon may start placing limits on reviews and hinder potential growth for newer sellers on the platform. Or even for those current sellers who are obtaining reviewing legally and following Amazon terms of service.

On top of that, it may impact how prospects evaluate reviews too. Here’s what one commenter on an Amazon fake review article had to say:

Amazon exposed reviews comment

The best bet for getting reviews is to deliver on your promise and focus on improving your products. Maybe include an insert that expresses appreciation and asks for feedback. But as Amazon terms of service say, don’t use manipulative language that would encourage a customer to leave a certain type of review. Reviews are important, but they’re not worth risking your entire business over.

Happy Selling,

The Page.One Team

The Last Word:

Now is a great time to evaluate your review collecting practices. Read over Amazon’s “Customer Product Review Policies.” Make sure that you’re not asking for a positive review or offering to exchange a gift card, coupon, or free product, for a review. There are plenty of ethical ways to get reviews. We wrote an article about getting reviews that you can find here.

Shopping Cart
0