Amazon was the target of an “extensive” cyberattack in which hackers stole money from merchant accounts and funneled them into their own, according to a report by Bloomberg.
The attacks occurred between May and October of 2018. Amazon said the hackers compromised about 100 seller accounts, taking cash from either loans or sales and putting it into their own accounts.
In a court filing, Amazon said it was still trying to figure out how the hackers got access to the accounts, but thinks the assailants somehow changed account details on the Seller Central platform to their own accounts at Barclays and Prepay Technologies.
Amazon lawyers have asked a judge in London to allow them to search account statements from the financial institutions, which Amazon says “have become innocently mixed up in the wrongdoing.” A spokesperson for Amazon said criminals can target sellers with phishing emails asking for personal information.
The documents requested by Amazon’s lawyers will reportedly be used to “investigate the fraud, identify and pursue the wrongdoers, locate the whereabouts of misappropriated funds, bring the fraud to an end and deter future wrongdoing,” the court filing said.
The filing does not provide details on how the hackers were able to add details from additional banks to merchant accounts. One of the Amazon units named in the case is Amazon Capital Services U.K., which provides one-year loans to sellers.
On Tuesday (May 7), Amazon said it had issued upwards of $1 billion in loans to merchants last year. It is unclear how much money the unidentified hackers stole.
In a statement cited by the outlet, Amazon Worldwide Consumer Division CEO Jeff Wilke said, “As we work to help them grow their businesses, we are making big investments in our delivery network, data centers, AI research (and) robotics.”