Skip to main content

Back to Blog

Hackers Use Compromised Credentials To Defraud 3rd Party Sellers on Amazon

Amazon’s robust online retail business is strongly supported with 2 million independent sellers. While Amazon has a very strong security profile, some of their sellers are making their own accounts vulnerable to hackers. And it is costing them tens of thousands of dollars.

Hackers are actively targeting those 3rd party sellers using stolen and compromised credentials (a password and user name combo) to gain access to the seller’s account.

In simple terms, here is what is happening to some of these 3rd party sellers:
• The seller uses one password to manage multiple online accounts on different websites.
• The seller’s password is exposed through a data breach or leak on one of those websites.
• The seller’s password is circulated on the Internet and is now compromised.
• Hackers test that password across multiple websites (credential stuffing) to gain access to one of the accounts for that user.

In this case, they were able to access the seller’s Amazon account. Once they gain access to the seller’s Amazon account, the hackers are re-routing banks deposits and selling false merchandise without any delivery. For example, a company called Lightning X Products had $60,000 disappear from its Amazon account last month. While Amazon is trying to detect fraudulent activity and take care of their sellers, it is timely and costly to rectify it.

All of this because there was a data leak and the seller is re-using their password. The result is that the seller is using a compromised password.

According to Alex Stamos, CSO Facebook, the reuse of passwords is the No. 1 cause of harm on the Internet, which is why so many companies are investing in technology to detect and block use of compromised credentials. Enzoic now provides an affordable way to solve this problem using the same approach applied by Facebook and other leading technology companies, but for a fraction of the cost.

If you are interested in learning more about how to block use of compromised credentials, please visit