- Over 1.6 million files were discovered online by researchers
- These seem to belong to customers of Etsy, Poshmark and TikTok Shop
- Personally identifiable information is included
Cybernews researchers discovered two apparently unsecured Azure Blob storage containers holding 1.6 million files belonging to the Etsy, Poshmark and TikTok Shop online platforms.
The researchers say that these files contained personally identifiable information, such as full names, home addresses, email addresses and shipping order details.
Anyone who uses these services should keep a careful eye on their accounts and, if they are affected, take a look at the best identity theft monitoring tools.
Customers at risk
The two exposed instances “contained shipping confirmation emails in HTML format”, the researchers confirmed, and the vast majority of exposed users are in the United States, with some in Canada and Australia.
The origin or exact ownership of the data sets is not yet known, but the nature of the information suggests that it belonged to a particular storefront (on several shopping platforms), specifically a Vietnam-based embroidery service.
It is also not known whether cybercriminals have accessed these data sets; only an internal forensic audit would reveal this.
The researchers highlighted the risk this brings to exposed people, such as convincing social engineering attacks by cybercriminals pretending to be from Etsy or TikTok Shop, urging customers to give their contact details and potentially resulting in financial loss.
“With access to personal information such as complete names and addresses, attackers could pretend to be trusted shipping suppliers or Etsy itself, making fraudulent communications seem more credible and getting victims to take measures such as confirming personal information, making a payment or clicking on malicious links”, said the researchers.
Data leaks are unfortunately too common for Internet users today.
We recommend that you check regularly whether your contact details have been exposed, using services such as Have I Been Pwned, monitor your accounts, statements and transactions, and immediately report any suspicious or unexpected activity to your bank or credit card provider.