Amazon third party vendors are being targeted by cybercriminals in order to siphon off their funds.

Hackers are counting on vendors reusing passwords that may be available on the dark web. Once in, they can change banking info to steal their deposits. They can also post sales items that are fictitious but give a 4 week delivery date so that the funds can be taken before the victim gets wise.

“The Amazon hack is an example of how identity has become the new attack vector, and hackers are all over that fact—taking stolen credentials from one breach and using them to access another website, all because a person chose to reuse a password across multiple sites,” said SailPoint president and co-founder Kevin Cunningham, via email. “This illustrates an interesting ‘chaining’ or ‘domino effect’ that data breaches can have across multiple organizations.”

The fake goods scam doesn't get very far because Amazon has a policy to not release funds until the buy receives his goods.

An Amazon spokesman said: Amazon "is constantly innovating on behalf of customers and sellers to ensure their information is secure and that they can buy and sell with confidence, there have always been bad actors in the world who try to take advantage of consumers for financial gain; however, as fraudsters get smarter so do we.”

Cunningham had some words about keeping your data safe: “To avoid needless risk and to protect their identity in the event of a breach, people should take a minute to adhere to some password management best practices to help avoid potential dangers. Some simple measures that people can easily implement right now include using a unique password for every application or account, and making sure the password is long and more complex—the longer and more complex the password, the safer it will be. After all, protecting identity is key to the safety of your own personal data but also to the security of sensitive company data and files, too.”

Source: Info Security