We often hear reports of Amazon having trouble handling user data, but a recent report from Wired sheds more light into just how deep-seated Amazon’s inability to protect thousands of terabytes' worth of seller and customer data might be.
The plot is straight out of a Hollywood blockbuster: A fraudster in his twenties gaming the system while living the life. And it doesn’t help that he’s referred to himself as the “virus of Amazon” threatening to “let the war begin” and that his moniker is probably the most villainy thing you’ve heard all day—Krasr.
The scheme was detailed in one of Amazon’s internal quarterly six-pagers, which outline critical company concerns, not the least of which was concerns about how the ecommerce giant handles (or mishandles) its wealth of user data.
Krasr Hired Moles to Sabotage High-Ranking Sellers
Our antagonist has been the subject of exposés in the past, with a 2017 CNBC report identifying him as Mohamed Multhazim Akbar Ali. The recent report by Wired and Reveal details just how he managed to scam sellers out of their business while being able to sell his own counterfeits.
According to the Amazon memos, Krasr had moles inside Amazon working for him, whom he recruited through LinkedIn and Facebook. He then proceeded to use his insiders’ access privileges to copy best-selling products, suspend competing sellers, sabotage their reviews, and reinstate his own accounts that had been suspended by Amazon for suspicious activity.
The moles leaked him information on customer orders and internal business reports. Krasr would use the information to outrightly copy best-selling products and sell his counterfeits under his own brands (almost the same way that Amazon does).
The fraudster would also direct his moles to reinstate his accounts which Amazon had suspended for suspicious activity and even have them block sellers in good standing so that he can step in and offer his help for a fee.
Putting People Out of Business Overnight
In one operation, Krasr hijacked a business selling Jade rollers, which exploded into popularity via Instagram. According to the report, the business-owner Lam’s mother found her daughter’s face in listings for someone else’s Jade roller products. Turns out, Krasr had outrightly grabbed the photos to sell his counterfeit version.
Fast forward a couple of months and mysterious sellers on Amazon were issuing copyright infringement complaints against Lam, which led to her Amazon account being suspended.
Another scheme had Krasr attacking the listings of popular skin care seller Pure Daily Care. The brand’s storefront was eventually suspended during peak shopping season, and the company lost $400,000 in sales, was forced to let go of half of its employees and pay operating costs by liquidating inventory.
Data Leaks Are Nothing New for Amazon
For a marketplace as big as Amazon, some information falling through the cracks would be unsurprising, even forgivable, but every time a new scheme is unearthed, concerns come up about what the company is actually doing (if any) to protect its users’ data. Amazon itself naturally denies the gravity of these data breaches, although our list of incidents that say otherwise is getting pretty long:
- Recently, Dave learned that Amazon had over 1.28GB’s worth of data on him, and the data they collect, particularly those relating to reviews and advertising, are concerning to say the least.
- Just last year, charges were brought against high-profile Amazon consultants and sellers for illicit attacks on competitors and bribing Amazon employees, a conspiracy that ran from 2017–2020 and potentially making them liable for a whopping $100 million in damages—the first guilty plea was entered not much later.
- In 2018, The Wall Street Journal reported that Amazon employees were leaking data for bribes.
- The same team that uncovered Krasr’s fraudulent scheme also found out that an employee in China shared confidential information to a data broker, who proceeded to sell it on WeChat. The same report mentioned an Amazon insider logging into over 6,000 customer accounts and deleted the reviews they’d written.
Amazon Employees Access Your Data on a Regular Basis
Another alarming detail uncovered by Wired’s report is the regularity of Amazon insiders accessing personal information, despite of course being against the company's internal policies.
According to the report, a lot of low-level employees were using their access either to snoop on the purchases of their exes or favorite celebrities, help black-hat sellers sabotage businesses, and even doctor Amazon’s review system, and it doesn’t help that much of the data coming into Amazon’s hands are untracked.
The Bigger Picture
Amazon’s issues with information security will only grow as its own business grows, and perhaps it’s in for a much bigger explosion in the future than the ones mentioned earlier. Amazon now has over 200 million Prime members and over 1.5 million employees worldwide.
Cases like this also justify Congress’s incessant regulatory pressure on Big Tech, who control and process vast amounts of personal information on a daily basis. Amazon itself has been subject to heightened scrutiny over antitrust behavior and transparency.