Amazon accounts of several third party vendors were breached using stolen credentials obtained through the dark web to post fake deals and steal cash.
The threat actors have reportedly changed the bank-deposit information on the compromised accounts to steal tens of thousands of dollars from the users, several sellers and advertisers. Accounts that hadn't been recently used to post nonexistent merchandise for sale at steep discounts in an attempt to pocket the cash were also targeted by the attackers. Still not clear on numbers, how many accounts were compromised and the hack appears to have stemmed from email and password credentials stolen from a previous breach.
“Amazon has cultivated one of the largest and most impressive third-party ecosystems in the history of global business with more than two million sellers on the site,” said Fred Kneip, chief executive officer (CEO) at CyberGRX. “With so many potential weak links, it's no surprise that hackers have found a way to exploit the network for financial gain. “The reality today is that the security and perceived integrity of a network or business extends to the security of the third parties using it. Companies need to more proactively ensure the security of their partners, or risk real damage to their reputation and their brand.”
No comments:
Post a Comment