Data breach hits Amazon India

Amazon

Tech giant Amazon has been prompt to come clean over a computer malfunction that led to around 400,000 of the platform’s sellers in India being hit by a data breach.

 The hiccup which took place on Sunday was sorted out as soon as possible, Amazon claims, after users discovered the issue and raised the alarm, the India Times reports.

The multinational retailer divulged that the relatively tiny number of 400,000 of its sellers was affected by the glitch which exposed tax reports of some traders to other traders.

A statement released by Amazon said:

“On Sunday, some sellers who attempted to download Merchant Tax Reports for the month of December 2018 experienced a technical issue. Our teams identified the issue and resolved it on priority and sellers were soon able to download the correct MTR reports.”

Sources inside Amazon say that the data breach affected around 0.2% of the retailer’s seller numbers.

Those victims involved stated that they discovered they were able to access and download tax reports belonging to other vendors in the run up to the late hours of Monday. After the issue was flagged up, Amazon disabled and removed the disrupted section. Steps were then taken to restore normal operating procedures and within a few hours it was business as usual.

One seller logged onto their ecommerce domain on the weekend to access December’s tax report only to discover that the numbers were at odds with what had been sold. Further scrutiny revealed that the Goods and Services Tax Network (GSTN) on the unique report actually belonged to another tradesperson.

Another regular Amazon user who also provides a service of filing GST returns for other e-sellers said:

“I was surprised to see that several of my clients had uploaded reports that were not their own. Being a seller myself I saw that the MTR wasn’t my own when I downloaded it. Most of the sellers who sent me the reports faced the same issue.”

A number of data breaches have plagued Amazon through 2018. Towards the end of 2017, the tech Leviathan disclosed that it was looking into reports that staff in India are sharing confidential company information with US merchant counterparts.

The firm sacked a number of workers in India and the States for allegedly getting hold of internal data that was being misused by sellers, the Wall Street Journal reported before Christmas.


PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.

For more information on upcoming events, visit the website.

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.

Privacy Culture: Data Privacy and Information Security Consulting, Culture & Behaviour, Training, and GDPR maturity, covered. https://www.privacyculture.com/