- A data set that contains 14 million details has been discovered
- The leaked information seems to belong to the Hipshipper International Shipping Platform
- Victims run the risk of identity theft and phishing attacks
No one is safe from data violations, and something as simple as ordering a package of a good reputation company can put it at risk. This is exactly the case of 14 million unfortunate buyers, since an open instance was discovered without online guarantee.
Cybernews researchers found that the instance originated in an unprotected AWS cube that belonged to Hipshipper, an international logistics and shipping company that works with vendors on Ebay and Amazon, offering delivery and returns to more than 150 countries.
The researchers discovered the open instance in December 2024, and the filtration was only closed in January 2025, so it was open for at least a month, this is what we know.
Exposed personal information
It is quite easy to imagine how an attacker could use its shipping details to cause damage, and the leaked information included the personal information of the buyer, such as full names, housing addresses, telephone numbers and order details.
“Cybercriminals can exploit filtered data to orchestrate advanced scams and phishing attacks,” the researchers explained.
“For example, criminals can impersonate reliable businesses and distribute fraudulent messages that take advantage of the specific details of the order to demand the urgent verification of personal or financial information.”
There are no “indications that cybercriminals access the exposed data set, but criminals often have ways to scan the Internet for open instances like these.
Retail companies are one of the most specific industries of computer pirates, and unfortunate significant infractions in recent months.
In fact, since 2004, more than 17 billion accounts have been violated. Of course, this statistic is a bit misleading, since some people will have had many exposed accounts, while others remain intact, but illustrates the scale of the problem and reminds us that anyone could be at risk.
But if your account has been raped one or a hundred times, the dangers are the same.
Protecting you
If you are affected by data violation, you must be very careful with identity theft, and the software listed can provide dark web monitoring, credit monitoring, even sure if you are the victim of a fall.
If you want to stay safe on your own, the key is to remain attentive. Be attentive to your accounts, statements and transactions: report any suspicious activity to your bank immediately.
There is also the risk of phishing attacks when their data is exposed, since criminals can use information to create personal and specific emails to deceive victims to believe that the attacker is a friend, colleague or family. But that’s not all, Cybernews researchers explained, since “revealing personal data can even represent risks to physical security.”
“Criminals could use this information for harassment, harassment or robbery planning. In addition, attackers can compile and use leaked data for financial or personal benefit, often subjecting victims to harassment, damage to reputation or other harmful actions. “
Be very careful if you receive unexpected communications, especially someone you don’t know. Be sure to look thoroughly each email address address, and do not click any link in which it does not trust 100%.
We have written a complete guide on how to avoid online phishing to protect yourself better if you need more information.
