- Over 1.6 million files have been discovered online by researchers
- These seem to belong to customers of Etsy, Poshmark and TikTok Shop
- Personally identifiable information is included
Two seemingly unsecured Azure Blob storage containers holding a total of 1.6 million files that allegedly belong to online shopping platforms Etsy, Poshmark and TikTok Shop have been discovered by Cybernews researchers.
The researchers say these files contained personally identifiable information such as full names, home addresses, email addresses and shipping order information.
Anyone who uses these services should keep an eye on their accounts and look at the best identity theft monitoring tools if they are concerned.
Customers at risk
Both of the exposed instances “contained shipping email confirmations in HTML format,” researchers confirmed, and the vast majority of exposed users are in the United States, with some from Canada and Australia.
The exact origin or ownership of the data sets is not yet known, but the nature of the information suggests that they belonged to a particular storefront operating across several shopping platforms, specifically a Vietnam-based embroidery service.
It is also not known whether cyber criminals have accessed these data sets; only an internal forensic audit would reveal this.
Researchers outlined the risk this poses to those exposed, such as convincing social engineering attacks from cyber criminals who pose as an Etsy or TikTok store and encourage customers to give up their details, resulting in potential financial loss.
“With access to personal information such as full names and addresses, attackers were able to mimic trusted shipping providers or Etsy themselves, making false communication seem more credible and encouraging victims to take actions such as confirming personal details, making payments or clicking on malicious links,” the researchers said.
Unfortunately, data leaks are far too common for Internet users today.
We regularly recommend checking whether your details have been exposed using services such as Have I Been Pwned, monitoring your accounts, statements and transactions, and immediately reporting any suspicious or unexpected activity to your bank or credit card provider.



