To be the “everything store,” Amazon relies heavily on outside merchants from around the world, who sell hundreds of millions of different products through its site. Powering this ecommerce machine is another marketplace that most shoppers will never see—a behind-the-scenes ecosystem of developers whose apps sellers use to run their businesses. Like other parts of its retail empire, Amazon has to make sure this system isn't being abused.

Running an Amazon business is fiercely competitive. To streamline their operations, many sellers rely on specialized business apps that tap into the Amazon Marketplace Web Service APIs, which can integrate data including sensitive customer information like names, emails, and delivery addresses. There are tools that automate simple tasks, like printing shipping labels, as well as apps that monitor key metrics like user reviews and sales volumes, which determine whether products appear higher in Amazon’s search results—the most popular way to shop on the site. While Amazon has multiple policies governing the use of these apps and their data, the cottage industry that sprung up around Amazon MWS has been relatively decentralized. Amazon only launched its Marketplace Appstore in May 2018.

Now Amazon is cracking down on third-party apps that accessed customer information through MWS and are in violation of its policies. Earlier this year, the company began emailing developers that they had to submit information about their apps in order to continue using Amazon MWS. Seller forums are full of posters wondering when they’ll finally regain access. WIRED spoke with three Amazon developers who received warnings or had their API access revoked in recent months. One enabled Amazon sellers to create targeted advertisements on Facebook using customer data for over a year, in violation of Amazon’s privacy policy.

Amazon says the clampdown is the result of additional security features it implemented in early 2019 but didn’t specify what those features were.

Amazon tries to tightly control many aspects of its ecommerce platform, from how sellers communicate with customers to what kinds of information they’re allowed to see, to protect shoppers’ privacy and keep bad actors from gaming its system. But customer data is so valuable that some sellers have resorted to bribing Amazon staff to hand it over, according to a Wall Street Journal investigation last year, and the company has fired at least one employee as a result.

“Amazon has strict policies and procedures in place to protect our customers’ personal information, and we regularly audit use of our services to ensure compliance,” a spokesperson for the company said in a statement. “We also continuously assess and implement new measures when we see opportunity to further strengthen our protections for the use of Amazon data.”

Data Detox

Yev Marusenko was working in marketing for a startup that sold products on Amazon several years ago when he noticed an issue many sellers faced: There wasn’t a good way to easily advertise on other websites, particularly on Facebook. He already had access to Amazon Marketplace Web Service APIs, since all that was required at the time was a valid professional Amazon selling account.

So Marusenko built a tool that would let Amazon sellers automatically take their customers’ personal information, like their names, and then upload that data to Facebook’s Marketing API to better target campaigns. For example, if you purchased a T-shirt from a third-party seller on Amazon, Marusenko’s tool would allow that seller to target you—or people like you, using Facebook’s Lookalike Audience tool—with ads for more products, a common practice in the ecommerce industry. Marusenko called the app ZonTracker and sold it through his own website. Marusenko says that eventually more than 500 sellers were paying roughly $20 to $60 a month to use his tool.