Has any one of you seen this, what are your thoughts?
Personally, I am surprised how much cooperative and supportive Amazon was to this seller. They worked with them in real time, remedying everything. Most sellers can only dream about the level of support like this.
Clearly, what happened is that they must have at some point clicked on a phishing link and the hacker gained control over their computer and phone.
Everytime they changed their e-mail, the hacker was there. At Amazon’s side, obviously, all requests were getting approved by the authorized account holder, so the fault lies with the seller.
What this seller was supposed to have done was immediately getting a new computer and phone and not a new e-mail address. They say they are turning over $200,000 per day. Why waste time on changing e-mails, just go to the nearest Apple store, get a new computer, phone, iPad, sim card, internet connection
So it looks like the Medium article was deleted by its author shortly after I posted about it, because they resolved the issue. Below, you can see a copy of the whole (now deleted) story:
Seller Central Account Hacked
Background
My name is Ivan Ong and I am the cofounder and CEO of baby and maternity brand, KeaBabies. Our company, Keaworld Pte Ltd, is a Singapore registered company.
We have been selling on Amazon.com as a 3rd party seller since 2017 and have grown our brand to US$78M in sales on Amazon in 2024. We now sell across Amazon US, CA, MX, AU, DE, UK, ES, IT, FR.
We were regularly featured on Amazon under the Amazon Global Selling team in Singapore and our brand story have been featured on various news media.
https://www.youtube.com/watch?v=G_113wXxE30.
https://www.youtube.com/watchiv=r26e4EOLEE.
The Straits Times - Breaking news, Singapore news, Asia and world news & multimedia.
Guide to Start an Online Business 2025 | Strategies from Top Amazon.com Sellers.
Through years of hard work, we have build a successful Amazon brand that continues to deliver value to Amazon customers and our customers.
We have a team of 80 people in our team who work tirelessly to build up the brand and business.
The Amazon Security Breach That Could Potentially Cause Our Brand Downfall
On the 16th Jan 2025, I received a suspicious email from Amazon mentioning Amazon is confirming we are contacting them. The device was located in Washington. The time was 11.27pm in Singapore and I was asleep. Hence I have not clicked on any links.
Soon after, there was a mobile OTP request at 12.16am sent to my mobile phone which I did not give any code to anyone too.
The next morning, I realised that my Amazon seller central email has been changed to an unfamiliar email address [email protected].
I immediately tried to login using my own Amazon seller login email address and was facing an issue.
I immediately notified my account manager from Singapore about the issue to open an investigation which Amazon told me it will be solved in 24 hours.
My team members were still able to login and saw that the admin email of our amazon account has been changed to the hacker email.
Sure enough in 24hours, Amazon took action and reset the admin email from the hacker email to my original email [email protected] (our email is hosted on Gmail for security) and i could see the admin account has been changed to mine.
As I was about to login to reset my password, within minutes, I receive the same account confirmation email to my email, asking me to confirm or deny request. I swiftly click deny this time round.
To my horror, the admin email was then changed to the hacker email, this time round with ANOTHER email - [email protected]
Hacker went on briefly to change admin event again for the 3rd time to [email protected]
At this time, all our team member lost access to their amazon seller central account as the hacker removed everyone’s access.
Our account manager was updated of all that was happening and assured me that the account has been suspended and no change of bank deposits can take place at this time for security purposes. The links to our Amazon store were all taken down, listings disappeared and the brand store was showing everything as unavailable. Our store does US$230,000 a day in sales across all marketplace and everything stopped.
https://www.amazon.com/s?i=merchant-items&me=AE40BB25H27N7&
https://www.amazon.com/stores/KeaBabies.
I waited for Amazon to investigate and the next day, our account manager asked if this is our deposit account number.
This IS NOT our account bank ending 978. The hacker has managed to change our bank account and have it verified, all while Amazon said our account is frozen and under suspension with no changes.
In the afternoon, Amazon called me and assisted me to change our account back to my admin email. I tried logging in but was unable to because the hacker have added his mobile number as the OTP.
Within minutes, I received yet again the same email requesting me for confirmation to approve or deny request, from which I clicked denied again.
Despite denying the request, the hacker change my admin email to a 4th email - [email protected], followed by changing to a 5th email - [email protected].
Thinking that my email might be compromised, Amazon helped me change my admin email to our brand name email @keababies.com through another team. Again, we failed to regain access because the mobile OTP was showing his number even when I had added my mobile number as OTP when I reset my password. (mobile ending 610 is not my mobile number).
In less than 5 mins, the hacker immediately changed the admin email again to [email protected].
I looked at my email log under the new @keababies.com email address and saw the same email again requesting confirmation which i had not clicked on approve or deny.
Amazon reassured me again that the account was suspended and no change of bank account or disbursement can be made on my account.
In case you are wondering if my computer or mobile has been compromised, I have run deep scans on my mobile and laptop and found no threats or risk of compromise to my devices or email.
The next day, i receive a bank change success email and disbursement success attempt on our Australia account in the amount of AUD$50,000.
The bank account ending 927 does not belong to me. This disbursement attempt was made successfully EVEN when amazon mentioned there is a mandatory 3 days hold before the bank account takes effect. This is a clear breach of amazon security system and the hacker was able to bypass this.
Again, I immediately notified my account managers acted swiftly to inform the backend team and suspended our Australia and Europe account as well.
This was despite the fact that Amazon has repeatedly informed me that our entire account is suspended and frozen and no change can be made.
The same day, Amazon rep called me and guided me to change my account email address again to our @keababies.com account hosted on gmail. This time, it was successful! I managed to change my password, added a brand new mobile number as OTP and activated 2FA on Microsoft Authenticator app. The Amazon manager told me the account takeover was successful and hung up.
I look into my account and saw the hacker has added his credit card details under charge method as follows:
As I was looking at my account for about 10 mins, I was suddenly logged out AGAIN. And the admin email has been changed to the hacker email again.
And my brand.com email account was not found.
This time i had received a mobile SMS on my brand new mobile number confirming access which i did not click on the link.
I immediately notified account manager again and the amazon backend team changed the admin email to my @keababies.com email and suppressed the entire account, no changes can be made now.
Both the hacker and myself are unable to access the account and the hacker immediately started opening cases to try to terminate the account from contacting amazon support from everywhere.
Also, i started receive random weird emails from Amazon.
As of now, Amazon has told me to change account email again for the 3rd time and this time to a @gmail.com account so no access to email can be possible. We could change the email but unable to reset password due to an error.
During this wait, Amazon has assured me that the hacker does not know my @gmail.com and therefore, unable to hack my account again and I should be very safe now while they figure out how to unlock my account.
But no! I received the hacker request to access my account again EVEN on a new @gmail.com account which Amazon claim that it is safe and hacker does not know my email address.
Since the account has been hard locked, the hacker has not been able to change the email yet.
7 days have passed since and Amazon still has not been able to identify the root cause of how the bad actor has been able to hack into my account with ease and such speed. Amazon is still trying to figure out how to reset my account from this hard block.
Amazon is unsure if my account will be safe from hacking even after they restore our account.
As much as I am thankful to my 2 account managers from Singapore whom have worked tirelessly on my case, I have now lost total confidence in Amazon’s ability to deal with a severe security breach issue and even if we were to regain back access and have our account unsuspended, there is no certainty that our account will not be hacked again and have our funds stolen.
There are no SOPS in dealing with severe crisis management, there has just been a lot of waiting for teams to wake up from different parts of the world to work on 1 thing at a time.
From the sequence of events that have happened. This is a VERY severe case of security breach and millions of seller central accounts can be potentially at risk of being hacked now.
I am not entirely sure but my guess is this could be either an insider job that has obtained a powerful Amazon internal tool that can change our admin account email and password at will and request funds.
Or a vulnerability in the Amazon system to bypass approval links to access to admin account changes and bypass the mandatory 3 days bank deposits holds.
I am outcrying and leveraging the power of the media and social media to let
Amazon get their act together to resolve the root cause of this security breach immediately to save our business and prevent a possible large scale cyber crime attack.
Everyday that passes, we are losing US$230,000 in daily sales and our team of 80 are in limbo now with their jobs and livelihood uncertain.
And because we are using multi channel fulfillment for our website www.KeaBabies.com, our store is unable to fulfill ANY orders now as account remains in total shut down and the losses are even bigger.
We are facing very high risk of bankruptcy and a total shutdown of our business if this drags on any longer.
This issue has impacted my health seriously and I do not think I deserve this.
At this point, I can only keep praying for the best.
With a heavy heart,
Ivan Ong
Co Founder, KeaBabies.com
PS: Should anyone from Amazon Cyber Crime wants to speak to me about our issue, please email me at [email protected]
PSS: For customers who have PM us asking why our products are not listed on Amazon anymore, this is the reason and you can find our products on Target.com at the present moment.