Amazon is known for its ease in delivering purchases to our doormats. But now the retail giant is in the news for another kind of ease – and it’s not good.

Hackers have figured out that Amazon’s third-party sellers are easy to hack. Cyber criminals recently accessed hundreds of accounts, posted fake items for sale, and then collected tens of thousands of dollars.[1]

The aftermath hasn’t been pretty. Customers are angry that they paid for items that were never delivered. Sellers are angry that they’re on the hook to reimburse for items they didn’t sell. And while Amazon is dealing with this firestorm, hackers are laughing all the way from the dark web.

What does this mean for you as a consumer or executive? There are two things you should know about the Amazon hacking.

First, this is proof that this can happen to any of us.

Amazon is the largest e-commerce company in the world. They’ve wowed us with their innovative processes. But even Amazon isn’t immune to a financial and emotional disaster that can be caused by hackers.

Second, this is preventable.

These third-party sellers weren’t hijacked at random. It turns out that their hacked accounts had something in common. They were all dormant.

Dormant accounts are a honeypot for hackers. That’s because they know their criminal activity will go unnoticed. And they’re right. Amazon sellers didn’t realize something was wrong until customer complaints started rolling in – but by then it was too late.

Here are three things you can do to prevent this kind of hacking.

  1. Pause.

As a consumer, be wary of prices that seem too good to be true. Retailers make it easier than ever to buy impulsively – but don’t click on a deal without giving it some thought.

As an executive, don’t allow busyness to distract you from spotting a hacker who has slipped into your organization. Criminals look for complacency. Take the time today to get a free access rights assessment by a credible cybersecurity company. This identifies your security gaps, including password policies and dormant accounts. You’ll find out which accounts are inactive and which accounts have too many privileges.

  1. Get moving.

Armed with an accurate snapshot of your security system, it’s time to seal the cracks in your armor. For small to mid-sized businesses, this means starting with your username and password as your main defense against hackers. Larger organizations need to inspect firewalls and implement multi-factor authentication.

No matter the size of your organization, a cyber security company can help you take action to protect your accounts. You’ll shut down accounts when people leave your company. You’ll deactivate unused accounts after 90 days. And you’ll adjust privileges when employees travel or change positions.

  1. Stay moving.

You need more than a snapshot to stay protected over time. That’s because people are constantly making changes to your system. It doesn’t stay still, and neither should your cyber security. That’s what makes real-time monitoring so important. You receive notifications when something isn’t right. It helps you keep up with a dynamic environment so hackers will move on to an easier target.

If a retail giant like Amazon can be swindled by hackers, then our organizations are at risk too. Practice these three simple steps to prevent cyber criminals from taking advantage of your dormant accounts and passwords.

Umesh Verma, CEO, Blue Lance

Umesh Verma is the award-winning CEO and driving force behind Blue Lance, the global provider of cybersecurity governance solutions. For more than 25 years, Blue Lance’s automated software solutions have been protecting digitally managed corporate assets by assessing, remediating, and monitoring security of information systems. Call Blue Lance at 1-800-856-2586 for your 25-point Access Rights Assessment, or get social with us on LinkedInFacebook, or Twitter.

[1] Laura Stevens and Robert McMillan, “Amazon’s Third-Party Sellers Hit By Hackers,” Wall Street Journal, April 10, 2017,