Amazon India said that the tax data of close to 400K sellers was visible to other sellers due to a technical glitch on January 6.
The data breach came to light after a media report, citing some Amazon vendors, said that the Merchant Tax Reports (MTR) of some sellers were visible. Some of the sellers that were affected were reportedly able to download tax reports of other vendors till Monday (January 7).
An MTR is a sales report for the ecommerce sellers to file the Goods and Service Tax (GST) return.
An Amazon’s spokesperson said, “On Sunday, some sellers who attempted to download merchant tax reports for the month of December 2018 experienced a technical issue. Our teams identified the issue and resolved it on priority and sellers were soon able to download the correct MTR reports.”
Amazon, which has a seller base of over 3 Mn sellers on its marketplace, as of February 2018, had pulled down the section for sellers to download the MTR report and reopened it after apparently fixing the issue. The breach, however, did not reveal sellers’ contact information.
(Screenshot Of Amazon’s Seller Service Webpage)
Data Leaks Plague Ecommerce Marketplaces
In the aftermath of the Black Friday sales in November, last year, Amazon India had reported a data breach that exposed customer information such as email addresses and their names.
Last year a Wall Street Journal report said that Amazon’s employees in India and the US were supposedly sharing internal company data with some merchants. Following the allegations, the company dismissed several employees in both countries for accessing internal data. However, it is unclear how many sellers were affected, what the extent of the damage is, or how many India employees were involved in the misuse of data.
In December, Amazon’s main rival in India, Flipkart had faced a technical error, with all products on its platform being listed as unavailable for about 30 minutes. However, the company managed to solve the problem soon after. Similarly, in 2017, a user had posted a simple hack to access sensitive and private data of Shopclues customers through short links sent over the company’s SMSs.[The development was reported by ET]