Incident Of The Week: Amazon India Accidentally Exposes Seller Information To Other Sellers

Breach included competitor sales, category and inventory data

Esther Shein

Amazon began 2019 much like it ended 2018: with a data breach, this time, on its platform in India. Sources said a glitch was reported internally last week that made the private financial information of some sellers available to other users.

Some sellers downloading their monthly sales reports on Amazon received other vendors’ reports, which led to a breach of competitive business data, Business Standard reported. Amazon India confirmed the data breach, and said a “miniscule number” of the 400,000 sellers on its platform were impacted, according to The Economic Times.

The company resolved the problem soon after it was flagged by sellers, Amazon India said.

Some sellers who attempted to download Merchant Tax Reports for the month of December 2018 were able to download the tax reports of other vendors between last Sunday and Monday, Amazon India said. The company said its technical teams identified the issue and resolved it, and sellers were soon able to download the correct MTR reports.

The data in the merchant tax reports that was accidently passed on to unintended recipients, included sales, category and inventory data.

These instances almost always have an impact on users’ trust, Saket Modi, chief executive officer and co-founder of Lucideus, a New Delhi-based cyber security firm, told Business Standard.

“Being hacked is not uncommon. What matters is whether these lapses are responded to swiftly and in the right manner,” he said. It is not known whether any Amazon sellers have issued a complaint yet.

While there is presently no law in India that holds e-commerce sites accountable for data leaks, a bill is pending in Parliament to strengthen cybersecurity laws and penalize companies for lapses, according to International Business Times.

In the past year Amazon has experienced multiple data breaches. In December, the e-commerce giant said it was investigating allegations that some employees in India and the U.S. are sharing internal company data with merchants. It also reportedly dismissed several employees in India and the United States for allegedly accessing internal data that was being misused by merchants, according to a Wall Street Journal report.

Amazon suffered a data breach just before Black Friday in November, disclosing customer names and email addresses, although it did not give details at the time on how many were impacted. The company issued a short statement stating that the issue had been fixed and it notified customers who may have been impacted.