Data breach in Amazon India exposes financial data of nearly 400k sellers

Amazon has since stepped in and claims to have fixed the issue.

Atom Data Breach

Sellers on Amazon India ecommerce platform were in for a surprise on Sunday when they were downloading their Merchant Tax Reports (MTRs) for the month of December 2018 from the website. They found that they could access the MTRs of several sellers other than their own. However, Amazon quickly stepped in and blocked the site and says the issue has been fixed since and reopened the site, reports Economic Times.

The company claims that only 400,000 sellers, which is 0.2% of the total number of sellers on Amazon were affected by the breach. The regular operations for downloading the MTRs resumed only late Monday evening, it is reported. Sellers chanced upon this anomaly when they were trying to download their reports from the site and found that what was being printed out was not their own but some other sellers’.

Amazon conceded that the flaw occurred due to a data breach. In real terms this is a failure in security since there is competition among sellers and disclosure of one seller’s details to the others is a compromising their data security.

There are sellers on the site who provide their services to other sellers in filing the monthly GST returns. These sellers had witnessed many such sellers reporting the mix up.

Data security breach reports from Amazon have a history. There was a report by an investigative journalist in the Wall Street Journal some time back which alleged that a few employees of Amazon in India and the US were in collusion with some merchants and leaking data, possibly for some monetary benefits. Amazon took action based on these reports and its own internal inquiry and sacked several employees in both countries.

There was another report in November last year that there was a security breach due to which some personal information of customers got leaked.