Hacker Steals Amazon Marketplace Credentials And Selling For 0.02 BTC

A hacker going by the online handle of 0xTaylor steals Amazon Marketplace credentials from 3rd Party Server. Amazon Marketplace an e-commerce platform owned and operated by Amazon.com Inc. that enables third-party sellers to sell new and used offerings on Amazon.com’s fixed-price online marketplace alongside Amazon’s regular offerings.

The hacker is currently selling the stolen database online in the Dark net for BTC 0.02 (13.51 US Dollar).

The leaked data size is 706MB with 118K lines and includes 110,000 unique email addresses detected from various providers but the vast majority is related to Amazon marketplace emails.

A screenshot from the leaked data by the hacker :

However the email addresses are encrypted as shown in the Amazon Buyer-Seller Messaging Service page which states that :

“By using the Buyer-Seller Messaging Service, both buyers and sellers communicate with each other via encrypted e-mail addresses. For example, if a buyer wants to contact a seller, the Buyer-Seller Messaging Service will assign an encrypted alias, such as a222d34b3891234b@marketplace.amazon.com, instead of displaying the seller’s real e-mail address. Emails are routed to the seller via this encrypted alias”.

Here is a list of emails found in the leaked data :

Other than those encrypted emails the data also includes personal information like phone numbers, postal codes, first and last names, country, state, address, buyer emails addresses, product purchased and buyer notes. There are also multiple fields related to internal operations such as order total, amount, currency and ship date etc.

Related posts

ANY.RUN Discovers Tricky Phishing Attack Using Fake CAPTCHA

Kia Dealer Portal Vulnerability Risked Millions of Cars

Latest Octo Malware Variant Mimics Popular Apps Like NordVPN, Chrome