
Startup hacked by competitor, gets revenge - optimized
http://www.fbamastery.com/textbook-money-hacked-zen-arbitrage-got-punked/
======
biot
I checked out Zen Arbitrage's site to see what it is they offer and it sounds
really interesting -- find cheap popular books sold outside of FBA (Fulfilled
By Amazon) with little competition, buy them, and put them up for sale on FBA
(so Prime members get free shipping) with > 100% markup. But if it's really
that easy and profitable why aren't they just doing this themselves? If you
can double your money every month, finance the hell out of it and keep your
profit machine private. It always strikes me as suspect when someone offers a
sure fire way of making money but instead of using it themselves they just
sell you the info.

~~~
benjohnson
A possible reason: It's really hard to scale a scrounge-and-resell operation -
as you train employees to buy books they begin to wonder why they shouldn't
just do it themselves.

------
snickerbockers
Could this come back to bite Zen Arbitrage in the ass if they get sued for
damages caused by providing false data with the intention of sabotaging
another company?

I understand why they don't like Textbook Money scraping their database and
using it to fuel a competing product (and it is a competing product despite
OP's constant insistence that it isn't) but it's not necessarily illegal and I
think you could argue in court that the "correct" response would have been to
deny service instead of to deliberately mislead.

~~~
dougmany
Yes, especially considering it sounded like they were a paying customer. Yes
they were paying with fraudulent cards but they were still paying.

Wasn't the real Arbitrage here that the textbook money company knew where to
get the data that the book re-sellers wanted?

------
masonic
This would have been a lot more entertaining had it been even a _little_ less
spammy and fawning over ZA's feature set.

------
zerr
As I understand, the user has the legitimate right to save the data she gets
by querying. Just because she automated this process they call her a hacker?

~~~
outsidetheparty
"Hacking" isn't quite the right word, but I'm not sure what the right word for
"systematic scraping of a competitor's entire database" is.

~~~
lgas
Crawling.

------
CWuestefeld
We've found coordinated attempts to scrape our pricing data. As the OP also
found, they might have gotten away with it except for being greedy, setting up
so many requesters that it affected our site performance and we went to
investigate. The trail didn't go directly to a competitor, but to a service
that actually specializes in providing price comparison data. Some additional
circumstantial evidence led us to believe that they were working on behalf of
one of our competitors specifically.

We also had the idea to feed them fake pricing, but in the end our CTO thought
it better to just play it straight, so we built a way to identify certain
fingerprints of their requests (I don't want to say what, publicly), and
blacklist any offending IP addresses for several hours.

------
optimized
No more debased form of internet commenting than laypersons debating the law,
but a comment on this article does address some of the legal issues this
raises.

The comment is from a non-lawyer but raises good points about selling scraped
data and scraping that brings down / slows sites as being particularly
illegal.

Here's the (edited) comment (in re: competitors suing over this article):

"I’ve dealt with this kind of law in a tertial way and can second your
statement that subpoena powers would be the most dangerous (and stupid) thing
they could grant you right now.

I’m not a lawyer, but in my dealings in this area I know that there are a
couple things that spell MAJOR federal crime: One is scraping data and then
selling it (the _selling_ is where the prison time comes in), and the other is
bringing down a site / affecting page load time (sabotaging a competitor and
so on).

That doesn’t mention all the aspects of this story I’m sure you couldn’t talk
about publicly.

A lawsuit would be fun for us voyeurs admittedly because you would have access
to view ALL activity on their servers, email accounts, and so on and on. And
once it is public record, it would be available for all of us to see. Now THAT
would be a good article!

Yeah these guys would be majorly foolish to give you subpoena power right
now!"

------
teddyuk
Seems odd, someone gets (scrapes??) data from amazon - complains about someone
scraping data from them.

Or is amazon sharing data and they have it legitimately?

Either way it is a funny world we live in now!

~~~
tmikaeld
Amazon have an API that you can legally use for free.

[http://docs.aws.amazon.com/AWSECommerceService/latest/DG/Wel...](http://docs.aws.amazon.com/AWSECommerceService/latest/DG/Welcome.html)

------
oDot
Why not alert earlier and save people from spending money on garbage data :\?

------
gluck
Getting a 500 from hostgator here!

------
gggggggg
Long but well worth the read

------
optimized
Interesting (and hilarious) story about how a SaaS startup caught its
competitor stealing their data, and the prank they pulled as revenge.

