Amazon.com Inc. was hit by an “extensive” fraud, revealing that unidentified hackers were able to siphon funds from merchant accounts over six months last year.

Amazon believes it was the victim of a “serious” online attack by hackers who broke into about 100 seller accounts and funneled cash from loans or sales into their own bank accounts, according to a U.K. legal document. The hack took place between May and October 2018, Amazon’s lawyers said in a redacted filing from November that can now be made public.

Amazon said it was still investigating the compromised accounts and believed that hackers managed to change details of accounts on the Seller Central platform to their own at Barclays Plc and Prepay Technologies Ltd., which is partly owned by Mastercard Inc., according to the filing.

The case highlights how the world’s biggest online retail platform — designed to be automated with minimal human input — can be misused and how difficult it is for Amazon to find perpetrators.

Lawyers for Amazon asked a London judge to approve searches of account statements at Barclays and Prepay, which “have become innocently mixed up in the wrongdoing,” it said.

An Amazon spokesman didn’t have an immediate comment. Representatives for Barclays and Prepay didn’t immediately return emails seeking comment.

Amazon needed the documents “to investigate the fraud, identify and pursue the wrongdoers, locate the whereabouts of misappropriated funds, bring the fraud to an end and deter future wrongdoing,” the company’s lawyers said in the court filing.

The filing doesn’t say how the suspected wrongdoers were able to add details of additional banks to the merchant accounts.

The Amazon units named in the filing include Amazon Capital Services U.K. Ltd., which makes loans available to sellers for up to one year. The first fraudulent transfer occurred on May 16, according to the filing.

Amazon said Tuesday that it issued more than $1 billion in loans to merchants in 2018. It’s unclear how much the hackers stole.

译文：

由 乔纳森·布朗宁 和彭博 

该案例重点介绍了世界上最大的在线零售平台 - 旨在以最少的人力投入实现自动化- 可能被滥用，以及亚马逊寻找肇事者的难度。

亚马逊的律师要求伦敦一位法官批准搜查巴克莱银行和预付款公司的账户报表，这些报表“已经无意中混淆了不法行为”，它说。

亚马逊发言人没有立即发表评论。Barclays和Prepay的代表没有立即回复寻求评论的电子邮件。

该公司的律师在法庭文件中表示，亚马逊需要这些文件“调查欺诈行为，查明并追查违法者，找到被挪用资金的下落，结束欺诈并阻止未来的不法行为”。

该文件没有说明可疑的违法者如何能够向商家账户添加额外银行的详细信息。

在提交文件中指定的亚马逊单位包括亚马逊资本服务英国有限公司，该公司向卖家提供长达一年的贷款。根据备案文件，第一次欺诈性转移发生在5月16日。

亚马逊周二表示，它在2018年向商家发放了超过10亿美元的贷款。目前还不清楚黑客偷了多少钱。