Amazon.com Inc. said it was hit by a fraud, revealing that unidentified hackers were able to siphon funds from merchant accounts over six months last year.
The company said that the "serious" online attack affected about 100 seller accounts, with hackers to funnel cash from loans or sales into their own bank accounts. The hack took place between May 2018 and October 2018, Amazon’s lawyers said in a redacted filing from November that was now made public.
Amazon said it was still investigating the compromised accounts and believed that hackers managed to change details of accounts on the Seller Central platform to their own at Barclays Plc and Prepay Technologies Ltd., which is partly owned by Mastercard Inc., according to the filing. Amazon found the accounts were likely compromised by phishing techniques that tricked sellers into giving up confidential login information.
An Amazon spokesman said the company had finished its investigation of the incident.
The Amazon units named in the filing include Amazon Capital Services U.K. Ltd., which makes loans available to sellers for as long as one year. The first fraudulent transfer occurred on May 16, according to the filing.
Amazon said Tuesday that it issued more than $1 billion in loans to merchants in 2018.