- A dataset that contains 14 million details has been discovered
- Leaked information appears to belong to International Shipment Platform Hipshipper
- Victims risk identity theft and phishing -attack
No one is safe against data violations, and something as simple as ordering a package from a reputable company can put you at risk. This is exactly the case for 14 million unfortunate shoppers when an open body was discovered unsecured online.
Researchers at Cyberenws found that the incidence came from an unprotected AWS bucket belonging to Hipshipper – an international logistical and shipping company working with sellers on both eBay and Amazon offering delivery and returning to over 150 countries.
The researchers discovered the open body in December 2024, and the leak was only closed in January 2025, then was open for at least a month – here’s what we know.
Personal information postponed
It’s pretty easy to imagine how an attacker could use your shipping information to cause damage, and the leaked information included the buyer’s personal information such as full names, home addresses, phone numbers and order information.
“Cyber criminals can utilize leaked data to orchestrate advanced fraud and phishing attacks,” the researchers explained.
“For example, Crooks may imitate trusted companies and distribute false messages that utilize specific order information to require urgent verification of personal or financial information.”
There is ‘no indication’ that cyber criminals gained access to the exposed data set, but criminals very often have ways to scan the Internet according to open occurrences like these.
Retail companies are one of hackers that are most targeted industries, and unfortunately it only protects to use large, reputable companies not your information against leaks – as retail companies such as Grubhub, Mizuno and Hot Topic Everyone have suffered significant violations in the last few months .
In fact, since 2004, over 17 billion accounts have been violated. Of course, these statistics are a bit misleading as some people will have got many accounts exposed, while others remain untouched – but it illustrates the extent of the problem and reminds us that someone could be in danger.
But whether your account has been broken once or a hundred times, the dangers are the same.
The protection of yourself
If you are affected by a data violation, be very careful about identity theft – and the indicated software can provide dark web surveillance, credit monitoring, even insurance if you fall victim to.
If you want to be sure of your own hand, the key remains vigilant. Keep an eye on your accounts, statements and transactions – report any suspicious activity to your bank immediately.
There is also a risk of phishing attacks when your data is exposed to -as criminals can use the information to create personal and specific e emails to fool victims into believing that the striker is a friend, colleague or family. But that’s not all, explained Cbergenws scientists, who “revealing personal details can even pose risks of physical security.”
“Criminals could use this information for persecution, harassment or burglary planning. In addition, attackers can prepare and use leaked data for financial or personal gain, which often exposes the victims of harassment, reputation injuries or other harmful acts. “
Be extra careful if you receive unexpected communication, especially from someone you don’t know. Be sure to look thoroughly on each E -mail address notifications is sent from and do not click on any links you do not have 100% confidence.
We have written a full guide on how to avoid online phishing to better protect yourself if you need more information.
