A recent security incident has exposed millions of personal customer records linked to an international shipping platform used by major e-commerce companies like eBay, Shopify, and Amazon. The leak, discovered by Cybernews researchers, involves Hipshipper, an online platform that facilitates global shipping services, including tracking, free insurance, and returns to over 150 countries. The breach exposed sensitive shipping labels and customs declaration forms stored in an unsecured AWS bucket, potentially compromising the personal data of millions of consumers.
The exposed records, which totaled over 14.3 million shipping labels, were available to the public for an extended period. Researchers found that the data included buyer names, home addresses, phone numbers, and detailed order information such as shipping dates and parcel contents. This type of data is crucial for international shipments, revealing not only where goods are going but also the details of the items themselves.
Though the bucket has since been secured after Cybernews contacted Hipshipper, the exposure of this data leaves consumers vulnerable to a variety of cybercrimes. Phishing scams are a primary concern. These attacks often manipulate recipients into divulging personal or financial information by citing specific transactions.
In addition to phishing risks, attackers could use the leaked data to conduct targeted malware attacks, according to Cybernews. By referencing specific products or order details, they can deceive users into clicking malicious links or downloading harmful files. The exposure of this personal information also raises the risk that malicious actors could exploit the data for physical crimes, such as stalking or assault.
To prevent future leaks, experts recommend that businesses follow best practices for securing cloud storage, including tightening access controls, enabling encryption, and regularly auditing security measures. Additionally, companies should educate their employees on how to protect sensitive customer data to prevent similar incidents from occurring in the future.