A recent investigation into an unsecured database revealed approximately 75,000 Amazon vendors and 200,000 individuals involved in a scheme that traded 5-star reviews on Amazon for free merchandise.
SafetyDetectives, a cybersecurity review site, discovered a misconfigured ElasticSearch database that had long been collecting the details of both Amazon vendors and reviewers involved in the scheme.
The group said the server appeared to be located in China and the company collecting the data appeared to be in China because “Records that were unrelated to messages between vendors and reviewers were written in Chinese.”
In total, over 1.3 million entries were collected in the exposed database, which when parsed consisted of at least 75,000 Amazon vendor accounts and more than 220,000 Gmail accounts. The database also contained substantial personally identifiable information, such as PayPal accounts, WhatsApp and Telegram phone numbers, and “Fan Names,” which often contained names and surnames.
“More than 13 million records, equating to 7GB of data, were exposed when the unclaimed ElasticSearch server was left open without any password protection or encryption. The personal data of people providing fake reviews, as well as Amazon vendors, could be found in leaked messages on the database,” SafetyDetectives said in a May 6 blog post.
The breach was discovered by the team on March 1. Five days later, the database was secured.
The scheme worked by having Amazon vendors initially send out a list of products they wished to boost with a campaign of five-star ratings. Reviewers would then buy the product, leave a glowing review on Amazon, and inform the vendor through channels outside of Amazon when the process was completed.
The Amazon seller would then refund the buyer through PayPal, circumventing Amazon’s security team, after confirming the review had been made. The individual would keep the product for free as a reward for publishing the fake review.
In order to avoid being flagged by Amazon, vendors often instructed individuals to wait several days after buying the product before publishing the review and often coached buyers to use language containing or omitting specific keywords or phrases.
SafetyDetectives concluded the server was likely owned by a third party who managed and arranged the scam, given the volume of both vendor and reviewer data and information collected in the database. They posited the database owner may be the one acting as the liaison between the vendors and reviewers who participate in the scheme.
Vendors implicated in the scam may face penalties as severe as account closure or seizure of outstanding funds for violating Amazon’s Terms of Service, and could face hefty fines from the Federal Trade Commission or other regulatory bodies in excess of $10 million USD because fake reviews are considered to violate consumer rights.
Individual reviewers who participated in the scheme may themselves face fines of up to $10,000 USD, and in some cases, prison.
A wave of takedowns
According to a ReviewGeek report, Amazon has suspended listings of electronic accessory brand Aukey, although whether the suspension is related to the data breach is currently unclear. The official Aukey Amazon store now contains links that are either broken or lead to products currently unavailable.
“I’m currently reviewing a standing desk from Aukey, and it came with this note offering $100 for an “honest review,” which is against Amazon’s seller rules. No wonder Amazon is laying down the hammer,” tweeted Corbin Davenport, a journalist with XDA-Developers.
Listings of Mpow, a competing accessory manufacturer, have been similarly impacted.
Facebook the venue for recruitment
Fake reviews on Amazon and other ecommerce platforms are a problem that has existed for some time. In August last year, researchers from USC and UCLA released a study that found more than 20 Facebook groups dedicated to offering paid review services.
Researchers found the groups averaged around 16,000 members and over 560 postings per day, with some individuals being paid an average $6.24 commission on top of free product.
The study's abstract said the effect was often only temporary and that there were several indications the scheme was being used by low-quality or fraudulent products: “Soliciting fake reviews on Facebook leads to a significant increase in average rating and sales rank, but the effect disappears after roughly one month.”
“After firms stop buying fake reviews their average ratings fall significantly and the share of one-star reviews increases significantly, indicating fake reviews are mostly used by low quality products and are deceiving and harming consumers.”
In February, an investigation by consumer group Which? found 702,000 fake reviewers working for five big review manipulation services, one of which boasted it had processed $8.9 million in free product refunds.
“If online platforms do not take responsibility, the government must urgently strengthen online consumer protections, including platforms’ legal responsibilities for fake and misleading review activity, so that sites can be held to account if they fail to keep their users safe,” the organization said.
With reporting by Jonathan Walker