Huge Christmas data breach - 14 million shipping records leaked, putting shoppers at risk - Hipshipper

[swidup]

https://www.techradar.com/pro/security/huge-christmas-data-breach-14-million-shipping-records-leaked-putting-shoppers-at-risk

"Researchers at CyberNews found the instance originated from an unprotected AWS bucket which belonged to Hipshipper - an international logistic and shipping company that works with sellers on both eBay and Amazon, offering delivery and returns to over 150 countries.

The researchers discovered the open instance in December 2024, and the leak was only closed in January 2025, so was open for at least a month - here’s what we know.

Personal Information exposed

It's pretty easy to imagine how an attacker could use your shipping details to cause harm, and the leaked information included buyer’s personal information like full names, home addresses, phone numbers, and order details.

“Cybercriminals can exploit leaked data to orchestrate advanced scams and phishing attacks,” the researchers explained.

“For example, crooks may impersonate trusted businesses and distribute fraudulent messages that leverage specific order details to demand urgent verification of personal or financial information.”

There’s ‘no indication’ that cybercriminals accessed the exposed dataset, but criminals very often have ways to scan the internet for open instances such as these."