AMZ Review Trader

We've been tracking the persistent trend of exposed databases linked to e-commerce platforms, and a recent discovery highlighted the risks associated with third-party services integrated into the Amazon marketplace. Our team stumbled upon this while monitoring a known Telegram channel frequented by data brokers. What really struck us wasn't just the volume of records, but the specific targeting of Amazon product review data, coupled with the potential to identify individual reviewers. The setup here felt different because it directly impacts seller reputation and reviewer privacy, offering a glimpse into the mechanics of how feedback is manipulated on a massive scale.

### The AMZ Review Trader Leak: 1.2 Million Records Exposing Amazon Review Networks

This breach centers on data originating from **AMZ Review Trader**, a platform designed to connect Amazon sellers with individuals willing to provide reviews in exchange for free or discounted products. While the practice itself skirts Amazon's terms of service, the exposed data reveals the operational details and personal information behind these transactions.

The leak was discovered on **March 8, 2024**, when a database dump appeared on a private Telegram channel known for trading e-commerce related data. Its initial appearance was met with moderate interest, but quickly gained traction as users realized the potential to identify both sellers attempting to boost their product rankings and reviewers who may be violating Amazon's guidelines. The data had been circulating quietly, but we noticed the uptick in chatter and cross-referenced the database structure against known review trading platforms, leading to the identification of AMZ Review Trader.

This breach matters to enterprises now because it highlights the risks inherent in relying on third-party services, even those that appear relatively benign. The data could be used for competitive intelligence, to manipulate product rankings, or even to target individual reviewers with phishing attacks or harassment. It also underscores the broader threat theme of SaaS misconfigurations and the increasing sophistication of data scraping and aggregation targeting e-commerce ecosystems.

**Breach Stats:**

* **Total records exposed:** 1.2 million
* **Types of data included:** Emails, usernames, passwords (hashed, but potentially weak), Amazon product URLs, product descriptions, reviewer profiles (including names and contact info), payment information (partial), chat logs between sellers and reviewers.
* **Sensitive content types:** PII (Personally Identifiable Information), transaction details, potentially compromising communications.
* **Source structure:** JSON dump from a MongoDB database.
* **Leak location:** Telegram channel (private), later mirrored on a smaller data breach forum.

### External Context & Supporting Evidence

Several news outlets have covered the broader issue of fake reviews on Amazon, highlighting the scale of the problem and the challenges in combating it. For example, a **TechCrunch** article from **February 2024** detailed Amazon's efforts to remove fake reviews using AI and machine learning, but also acknowledged the ongoing cat-and-mouse game with sellers employing increasingly sophisticated tactics.

Discussions on relevant subreddits like **/r/AmazonSeller** show frequent debates about the ethics and legality of using review trading platforms. While some users defend the practice as a necessary evil to compete in the crowded marketplace, others express concerns about the potential consequences, including account suspension and legal action. One Reddit comment noted, "Amazon is cracking down hard on incentivized reviews. It's not worth the risk to your business."

Additionally, open-source scraping tools and techniques are readily available on GitHub and other platforms, enabling attackers to automate the collection of data from websites and databases. These tools can be easily adapted to target specific platforms like AMZ Review Trader, further exacerbating the risk of data breaches.