Identities of more than 200,000 individuals who appear to be involved in Amazon fake product review schemes, were leaked on an open database.

It’s a well-known fact that between the e-commerce giant and dubious sellers, worldwide exists an ongoing battle, caused by the fact that the sellers in question hamstring competitors and gain an edge by generating fake reviews for their products.

The sellers are moreover paying individuals in order to leave a good review or are offering free items in return for positive, public feedback on the platform.

The way they operate varies a lot from a vendor to another, but an open ElasticSearch server exposed some of the inner workings used in these schemes.

The researchers from Safety Detectives revealed the fact that the server, contained 7GB of data, with over 13 million records appearing to be linked to a widespread fake review scam.

The owner of the server remains unknown, but some indicators that the organization may originate from China due to messages written in Chinese were leaked during the incident.

The leaked database contained records involving at least 250,000 users and Amazon marketplace vendors. In the leaked data were included user names, email addresses, PayPal addresses, links to Amazon profiles, and both WhatsApp and Telegram numbers and also records of direct messages belonging to customers willing to provide fake reviews and traders happy to pay them for this service.

In the leaked database researchers were able to reveal the tactics used by dubious sellers.

Amazon Fake reviews


One type of scam is the one in which vendors are sending a link containing the items they need a 5-star review for, the customer purchases this item, and several days after, the customer leaves a positive review. After completing these steps the customer sends a message to the vendor, leading to payment via PayPal – which may represent a ‘refund,’ whilst the item is kept for free, this technique being especially successful as refund payments are kept away from the Amazon platform.

Heimdal Official Logo
Your perimeter network is vulnerable to sophisticated attacks.

Heimdal® Network DNS Security

Is the next-generation network protection and response solution that will keep your systems safe.
  • No need to deploy it on your endpoints;
  • Protects any entry point into the organization, including BYODs;
  • Stops even hidden threats using AI and your network traffic log;
  • Complete DNS, HTTP and HTTPs protection, HIPS and HIDS;
Try it for FREE today 30-day Free Trial. Offer valid only for companies.

The open ElasticSearch server was found on March 1st but its owner has not been yet identified.

The server could be owned by a third-party that reaches out to potential reviewers on behalf of the vendors [or] the server could also be owned by a large company with several subsidiaries, which would explain the presence of multiple vendors.

What’s clear is that whoever owns the server could be subject to punishments from consumer protection laws, and whoever is paying for these fake reviews may face sanctions for breaking Amazon’s terms of service.


It’s important to note that Amazon’s community and review guidelines do not allow for the vendors to review their own products or offer a “financial reward, discount, free products, or other compensation” in return for positive reviews — and this includes through third-party organizations.

We want Amazon customers to shop with confidence knowing that the reviews they read are authentic and relevant.

We have clear policies for both reviewers and selling partners that prohibit abuse of our community features, and we suspend, ban, and take legal action against those who violate these policies.


z0Miner Spreads Using ElasticSearch and Jenkins RCE Vulnerabilities

SECURITY ALERT: Massive Data Leak Revealed the Sensitive Information of Millions of People

10 Tips to Keep Your Data Private Online

Leave a Reply

Your email address will not be published. Required fields are marked *