- Over 1.6 million files have been discovered online by researchers
- These seem to belong to Etsy, Poshmark, and TikTok Shop customers
- Personally Identifiable Information is included
Two apparently unsecured Azure Blob Storage containers holding a combined 1.6 million files have been discovered by CyberNews researchers, allegedly belonging to online shopping platforms Etsy, Poshmark, and TikTok Shop.
The researchers say these files contained personally identifiable information, such as full names, home addresses, email addresses, and shipping order details.
Anyone who uses these services should keep a close eye on their accounts and take a look at the best identity theft monitoring tools if they are concerned.
Customers at risk
Both of the exposed instances “contained shipping email confirmations in HTML format,” researchers confirmed, and the vast majority of users exposed are in the United States, with some from Canada and Australia.
The exact origin or ownership of the datasets is not yet known, but the nature of the information suggests that these belonged to one particular storefront (across multiple shopping platforms), in particular a Vietnamese-based embroidery service.
It’s also not known whether cybercriminals have accessed these datasets, but only an internal forensic audit would reveal this information.
Researchers outlined the risk this brings to those exposed, such as convincing social engineering attacks from cybercriminals posing as Etsy or TikTok shop – urging customers to give their details, resulting in potential financial loss.
“With access to personal information like full names and addresses, attackers could impersonate trusted shipping providers or Etsy itself, making fraudulent communications seem more credible and urging victims to take actions such as confirming personal details, making payment, or clicking malicious links,” the researchers said.
Data leaks are unfortunately all too common for internet users today.
We recommend regularly checking whether your details have been exposed, using services like Have I Been Pwned – and monitoring your accounts, statements, and transactions – and immediately reporting any suspicious or unexpected activity with your bank or credit card provider.
You might also like
Services Marketplace – Listings, Bookings & Reviews