Misconfigured Database Exposes 200K Fake Amazon Reviewers

From infosecurity-magazine.com

A misconfigured database has exposed what appears to be a major coordinated scheme by Amazon vendors to procure fake reviews for their products.

At team at AV reviews site SafetyDetectives found the China-based Elasticsearch server exposed online without any password protection or encryption.

The 7GB trove contained over 13 million records including the email addresses and WhatsApp/Telegram phone numbers of vendor contacts, plus email addresses, surnames, PayPal account details and Amazon account profiles of reviewers.

According to SafetyDetectives, fake review scams typically begin with vendors sending their reviewer contacts a list of products for which they would like a five-star review. 

Read more…