On the verge of bankruptcy! Amazon's top seller account is frozen

For Amazon sellers, account security is extremely important. Once the store is blocked, it will trigger a series of chain reactions. However, in addition to sellers who have violated regulations, some sellers’ accounts are frozen due to external emergencies.

Well-known Amazon seller was "hijacked"

At around 11pm on January 16, 2025 , Ivan Ong, founder and CEO of KeaBabies, a well-known maternity and baby brand in Singapore, suddenly received an Amazon login verification notification on his mobile phone, indicating that his account was trying to log in from a device in Washington, USA. As it was late at night, Ivan did not take any action. However, by the next morning, a carefully planned hacker attack had quietly completed .

The next morning, Ivan discovered that the store administrator's email address had been tampered with to ke*****@outlook.com, and the login password was invalid. The team completely lost access to the seller's backend.

Afterwards, the hacker changed the payment account of KeaBabies ' Australian site to an overseas bank account ending in 927, bypassed Amazon's fund reserve period rules, and successfully transferred 50,000 Australian dollars (about 31,600 US dollars).

After the team urgently informed Amazon of the situation, the platform did not choose to take targeted action, but instead froze the seller's account directly.

After the account was frozen, KeaBabies ' average daily sales of US$230,000 instantly dropped to zero, and the team of nearly 100 people was directly faced with the embarrassing situation of "no orders to process".

According to Ivan's preliminary statistics, the account freeze has led to a stagnation of an average daily sales of US$230,000. The hacker has withdrawn US$31,600, and more funds are yet to be tracked. The estimated monthly loss is over US$6.9 million.

On the other hand, the average salary cost per employee of the company is about S$3,000 per month. Now that the accounts are frozen, the capital chain is at risk of breaking, and 80 employees may be forced to lose their jobs. Ivan even admitted that "the countdown to bankruptcy has started."

It is worth noting that the hacker did not obtain the OTP verification code through traditional phishing methods throughout the process , but directly manipulated the core information of the account, which shows that the attack has broken through the conventional account protection system.

In response to this situation, Ivan suspected that the attackers might have bypassed the regular security approval process through Amazon's internal tools (such as the seller support system API), and even did not rule out the possibility of "insiders collaborating in the crime."

It is reported that Ivan once lamented in an open letter: "This is not a simple technical failure, but a systemic security loophole. We are being manipulated like puppets, but we can't find any rescue ropes."

Amazon's security breach is not an isolated case

In fact, the KeaBabies incident is not an isolated case. Yien.com found that security vulnerabilities on the Amazon platform have evolved into a "industry disease" that erupts periodically.

Phishing link fraud incident in 2016: Hackers implanted phishing links into the personal homepages of Amazon users, inducing users to enter bank card information or verification codes, resulting in theft of funds. Victims were deceived through fake refund links in the hidden order function, with the highest single loss reaching 215,000 yuan.

The 2017 Fujian seller incident: $50,000 in payment was transferred to a Southeast Asian account and was eventually partially recovered through the claims mechanism;

In 2018, the UK "Hundred Store Robbery" incident: the payment information of about 100 sellers' accounts was tampered with, and the funds flowed into the Barclays Bank account controlled by hackers, resulting in a loss of hundreds of thousands of dollars;

Phishing emails are rampant in 2020: hackers forged Amazon official emails to trick people into clicking on Trojan links, leading to large-scale data leaks;

2024 employee data breach: Hackers obtained Amazon employee contact information through a third-party supplier vulnerability and claimed on the dark web forum BreachForums under the name "Nam3L3ss" that they had data from 25 large organizations, including some Amazon records.

The 2024 “Ghost Shipping” scam: Hackers modified the payment account and transferred funds through fake logistics order numbers, forcing the platform to initiate a refund procedure.

Industry insiders pointed out that when encountering such situations, the platform often transfers the security responsibility to the seller, while the upgrade of its own risk control system is seriously lagging behind. For example, Amazon has not yet fully implemented hardware key authentication and only relies on SMS OTP verification, which leaves room for man-in-the-middle attacks (MITM).

Influenced by such incidents, many small and medium-sized sellers have chosen to leave Amazon and turn to multiple platforms such as TikTok and Walmart.

Although sellers often seem powerless in such situations due to the lack of help from the platform, this does not mean that sellers have to give up.

How should sellers respond?

Faced with Amazon account security vulnerabilities and the risk of hacker attacks, sellers can adopt a two-pronged strategy of "prevention + emergency response" to build a defense system from multiple dimensions including technical protection, fund management, legal rights protection and risk transfer.

First, hackers often break into accounts through internal tools or API vulnerabilities. Sellers need to change their strong passwords (including uppercase and lowercase letters, symbols, and numbers) every month, and regularly review employee permissions through Amazon's "User Permissions" function to disable access rights for those who have left or are suspicious.

Secondly, sellers can use third-party tools to monitor login IP, device changes, and sensitive operations (such as payment account modification) in real time. If any abnormality is found, the account will be frozen immediately and Amazon will be contacted. For example, if KeaBabies triggers an alarm when the payment account is tampered with, it can reduce financial losses.

In addition, if an Amazon account is frozen, sellers can try to continue selling through platforms such as Walmart and TikTok Shop, while using overseas warehouses to transfer inventory to other channels for distribution.

Finally, if Amazon fails to deal with the security vulnerability in a timely manner, the seller can file an arbitration application with the American Arbitration Association (AAA) in accordance with Article 3 of the Business Solutions Agreement , and ask the platform to compensate for the losses. The arbitration fee is about US$1,000-5,000, but the success rate is low (about 20%).

If a large amount of money is involved (such as KeaBabies' monthly loss of US$6.9 million), a law firm can be commissioned to initiate a class action lawsuit and seek compensation through out-of-court settlement.

Amazon

Seller

Account freeze