A newly published modus operandi by certain actors might just pull e-commerce giant Amazon.com, Inc. (NASDAQ: AMZN) into a potential data scandal. Certain Chinese payment processors are allegedly engaged in the suspicious practice of requiring their Amazon seller clients to share their Amazon's Marketplace Web Service (MWS) secret keys.

Third parties such as payments processors and fulfillment services can connect to MWS in order to securely pass on information from sellers' accounts such as order and payment details. However, this is typically done through delegated access using MWS' programming interface and not by using the seller's secret keys.

Anyone who has access to secret keys could have unrestricted access to sellers’ data. This makes the act of sharing the credentials to external parties a security risk since this exposes information such as customers' personal details, purchase histories, shipping addresses, and payment details. LianLian Pay and Pingpong are among those reported to have required sellers to give up their credentials.

While there hasn’t been any reported misuse of the exposed information, the mere risk of exposure could bring Amazon plenty of backlash. The last thing the company needs now is to be hit by a data scandal. Amazon may be enjoying continued year-on-year growth to become the world's leading e-commerce company. However, the company is facing key challenges after its earnings fell short of Wall Street’s top line projection.

Amazon's Q3 2018 earnings report showed that the company's revenue rose 29 percent to $56.6 billion from Q3 2017. But despite making $34.3 billion from North American sales and $15.5 billion internationally, overall earnings fell short of the expected $57.1 billion. Revenue from sales commissions, product sales, merchant services, and subscriptions eased during the quarter and the company's stock still took a hit upon the announcement of missing the projection.

Word of data breaches and falling victim to cyberattacks are the bane of company stock these days. Recently, hotel chain Marriott (NASDAQ: MAR) saw its stock drop by 5 percent after it disclosed a breach to its Starwood guest reservation database that potentially affects 500 million records. Facebook (NASDAQ: FB) lost $120 billion after being embroiled in a data scandal involving Cambridge Analytica.

Posts on Amazon forums have already intimated that some sellers may have already mistakenly handed over their secret keys to third parties. While there have been no confirmed reports of data being used for malicious purposes, the data of affected customers may have been exposed nonetheless. Pingpong claims that it has already processed more than $1 billion in US payments indicating that it has conducted transactions with US customers whose data may now be at risk.

Global movements promoting data protection and privacy are making users more aware and conscious of data privacy and security. The EU has already put in place the General Data Protection Regulation (GDPR) which has strict provisions on how data can be collected and used by companies. Companies must also have honest disclosure of breaches. Those that fail to comply face stiff financial penalties that could amount to 2 percent of worldwide annual revenue, which, for companies like Amazon, could amount to billions of dollars.

Markets also react negatively to disclosures of cyberattacks and data breaches. On the average, companies that fall victim to one see stock prices drop by 2.89 percent 14 market days following the breach. Breached companies also tend to underperform the market in the longer term.

What makes this Amazon issue alarming is that it came to light during the ongoing US and China trade war. There have been numerous cyberattacks by China-based agents that target US organizations. The attack on Marriott is suspected to be one such state-sponsored attack.

This is also not the first issue surrounding China and Amazon and suspect practices. US merchants already bemoan the dominance of Chinese sellers on Amazon.

The influx of low-cost Chinese-made products has made it difficult for US merchants to compete. There have also been concerns of Chinese merchants manipulating the platform through zombie accounts and fake reviews in order to boost their profiles.

Amazon must act quickly and nip this issue at the bud. The company must promptly check if the concerns are valid and bar third party services that violate the platform's terms of service and code of conduct. Stringent measures must be put in place to ensure that customer data are secure and protected.