A data leak shows how Amazon reviews are bought


At the beginning of October we received an email from an anonymous tipster that made us curious. “The seller of Amazon reviews has screenshots of the purchases openly on the net,” it said in the subject line. We clicked on the link sent by the informant and a folder with exactly 14,359 screenshots of Amazon order confirmations and reviews appeared in the browser.

More from c't magazine

More from c't magazine

We looked at a few hundred screenshots. Around half showed reviews, the other half order confirmations. The file names didn’t follow any recognizable pattern, but apparently a review and a purchase confirmation belonged together. One picture showed that someone had ordered a “Baozun bike stand” on July 30th. Another picture showed a review of this product posted on August 9th.

Strikingly, there were all 5-star ratings in the folder. This suggests that the reviews were bought. Apparently someone had organized more than 7,000 five-star reviews and collected the receipts on the server. The oldest screenshot was from the end of January. So an average of over 800 reviews were documented per month.

Many consumers have long known that reviews should be treated with caution. But in individual cases it is seldom possible to say how a particular review came about. And it is even more rare that thousands of dubious cases come to light at once.

Telegram channel for Amazon reviews: those who award five stars get the purchase price refunded.

Particularly tricky: In many cases, the real name and address of the person who bought the product and who apparently subsequently wrote a cheering review were visible in the order confirmations. It also showed the names of the dealers who benefited from the reviews. We took a closer look at a few dozen – all of them were based in China.

But how were the ratings organized and why were the screenshots online? The tipster was able to explain that to us: There are numerous groups in Messenger Telegram in which so-called “agents” obtain ratings for Chinese traders.

We looked at some groups and were amazed at the audacity of the agents. You post products from Amazon sellers like on an assembly line, combined with the note that the purchase price will be reimbursed via PayPal if you first order the goods at your own expense and rate them with 5 stars. All you have to do is send screenshots of the review and the order number to the agent as evidence.

If you take part, you can shop for free on You can only choose from no-name products with retail prices of less than 50 euros, but apart from that, the agents have something suitable for practically every need on offer – from fashion to electronics to sex toys.

In many Telegram channels, the scam even runs automatically. You don’t chat with an agent made of flesh and blood, but with a bot. This efficient fake machinery is not new: Already in spring the WDR broadcast a documentary about that.

According to our own information, our tipster started ordering products from a certain Telegram channel a few months ago. After a review, he waited in vain for the reimbursement and therefore checked with the agent. He sent him a screenshot of the app, which he apparently used to control the transactions.

In the screenshot that c’t has, two links can be seen that lead to the around 14,000 screenshots mentioned above. The data leak is obviously related to the telegram channel. This in turn confirms the suspicion that the screenshots show purchased reviews that violate Amazon’s review guidelines and competition law.

An Apache web server ran under the IP address in the standard configuration, i.e. a system that is normally intended for publicly visible content. Access protection has to be set up consciously, for example with the configuration file htaccess. In this case it didn’t happen.

After consulting us, our tipster confronted the agent with the leak. He blamed a developer commissioned by him for the error. A short time later, the folder with the screenshots was no longer visible.