- A set of data containing 14 million details has been discovered
- The disclosed information seems to belong to the international Hipshipper shipping platform
- Victims are at risk of identity theft and phishing attacks
No one is immune to data violations, and something as simple as ordering a package to a renowned company can put you in danger. This is exactly the case for 14 million unlucky buyers, because an open body has not been discovered online.
Cybernews researchers found that the body came from an unprotected AWS bucket which belonged to Hipsyhipper – a logistics and international shipping company that works with sellers on Ebay and Amazon, offering delivery and returns in plus 150 countries.
The researchers discovered the body opened in December 2024, and the leak was closed until January 2025, it was therefore opened for at least a month – here is what we know.
Personal information on display
It is quite easy to imagine how an attacker could use your shipping details to cause damage, and disclosed information included the buyer’s personal information such as complete names, personal addresses, phone numbers and details order.
“Cybercriminals can use data disclosed to orchestrate advanced scams and phishing attacks,” said researchers.
“For example, crooks can pretend to be trusted companies and distribute fraudulent messages that take advantage of specific order details to require urgent verification of personal or financial information.”
There is no indication that cybercriminals have accessed the set of data exposed, but criminals very often have the means of scanning internet for open instances like these.
Retail companies are one of the most targeted industries in pirates, and unfortunately, only the use of large renowned companies do not protect your information against leaks – because retail companies such as Grubhub, Mizuno and Hot Topic have all undergone significant violations in recent months.
In fact, since 2004, more than 17 billion accounts have been raped. Of course, this statistic is a bit misleading, because some people have had many accounts exposed while others remain intact – but that illustrates the extent of the problem and reminds us that anyone could be in danger.
But that your account has been raped once or a hundred times, the dangers are the same.
Protect oneself
If you are affected by a data violation, you should be wary of identity theft – and the listed software can provide dark web monitoring, credit monitoring, even insurance if you are a victim.
If you want to stay safe by yourself, the key is to remain vigilant. Keep an eye on your accounts, statements and transactions – immediately report any suspicious activity to your bank.
There is also a risk of phishing attacks when your data is exposed – because criminals can use information to write personal and specific emails to encourage victims to believe that the attacker is a friend, a colleague or a family . But that’s not all, said Cybernews researchers, because “revealing that personal details can even present risks to physical security”.
“Criminals could use this information to harass, harassment or plan burglaries. In addition, attackers can compile and use data disclosed for financial or personal gain, often subjecting victims to harassment, reputation damage or other harmful actions. »»
Be very careful if you receive unexpected communications, especially someone you don’t know. Make sure you carefully examine each email address of the messages sent and do not click on links in which you do not trust 100%.
We wrote a complete guide on how to avoid phishing online to protect yourself better if you need more information.
