Amazon Data Leak: Users report phishing and scam calls where scamsters know exact order details

This time, many users have reported that they have received calls impersonating Amazon stating that they have won a prize where they know all order details.

Laxitha Mundhra
New Update
Amazon Data Leak: Users report phishing and scam calls where scamsters know exact order details

Amazon is not new to data breaches. In fact, many customers have previously reported phishing emails in the name of the company. In many instances, Amazon has been able to find out the point of a data breach, or the person involved. This time, scamsters have taken it a step ahead. Many users have reported that they have received calls stating that they have won a prize for ordering a product. The scary part is, the scamsters know the exact details of the order, including product, price, date and time of order, place of delivery, etc.


They lure the customer about big prizes on small orders. Some users have reported that they received calls for their Prime Membership account status. Other times, these scamsters seem to be placing fast-selling schemes in front of potential buyers. The phishing attacks are not new, but the fact that the scamsters know every little detail about an order is scary. Here, it is the ecommerce giant's responsibility to maintain data security which clearly is not the case.

Personal testimony.

A few members of the team at Cybermedia have also faced phishing attacks in the past few weeks. Boudhaditya from PC Quest states that he received a call for a lottery worth 50k order at Amazon. “The scamster told me that he could check the balance in my account and I was eligible for the lottery based on my last order. I cut the call and blocked and reported the number,” he said. I, on the other hand, received a confirmation call for an order once, stating that if I did not give my account details, they would cancel my order. In fact, I cut the call and reported it to Amazon customer care. In the past three weeks, I have received three different calls.


And this has been a testimonial for several users around the world.

A person detailed how he got scammed while the scamster knew every detail of his account, and unfortunately, he fell for it.


And this has been a problem all over the world, and not just in India.


Now, users are receiving calls and text messages instead of emails from scamsters. Users have also pointed out the irony of offering lucrative rewards for small packages ordered on Amazon.


Has there been a Data Breach at Amazon?

Every order that you place, come from a third party. Thus, the data leak can be possible on any of the checkpoints. However, recently, a B2B supply chain automation startup Bizongo reported a data leak of 2.5 Mn user files. The security team at Website Planet discovered that the data leak at Bizongo was in two formats - customer bills and shipping labels. The firm stated that there were a total of 2,532,610 exposed files due to a misconfiguration, a total of 643 GB of data. Bizongo has Amazon, Flipkart, Myntra, Swiggy, and Zomato among the clients using its B2B supply chain and vendor management solutions.

In January, Juspay acknowledged a data breach of over 100 million debit and credit card users on the dark web. Juspay processes payments for companies like Amazon, Swiggy, MakeMyTrip and several other companies.


Amazon has not responded to our queries

Alternatively, a source from Amazon has revealed that a lot of such cases are being reported with customer care service at Amazon daily for the past few weeks. And the phishing attacks are not only limited to India but over the world. He said that they have been receiving calls on orders complaining that they have lost money in a phishing attack. Further, the source also outlined that Amazon has been continuously trying to nab down where the data leak has happened. But the company has still not pinpointed the exact data breach point.

The company spokespersons have not responded to an email sent by CiOL.


What can Amazon do?

Amazon does have multiple cybersecurity systems in place to limit and control access to information. The company states that it has systems to identify and investigate suspicious behaviour, but none of this has worked in this particular scenario. However, the company could do more to mitigate the threat of data leaks and phishing attacks; majorly by starting about where it has shared the data of consumers.

What can you do?

The company has advised users to report fraud, scam, phishing and spoofing attempts. If you have lost any money, you can either report it to the company - Amazon, or the National Cyber Crime Reporting Portal.

Sign Up for our Newsletter>

amazon data-breach data-threat