Huge Christmas data breach - 14 million shipping records leaked, putting shoppers at risk


  • A dataset containing 14 million records has been discovered
  • Leaked information looks to belong to international shipping platform Hipshipper
  • Victims are at risk of identity theft and phishing attacks

Nobody is safe from data breaches, and something as simple as ordering a parcel from a reputable company can put you at risk. This is exactly the case for 14 million unlucky shoppers, after an unsecured instance was discovered open online.

Researchers at CyberNews found the instance originated from an unprotected AWS bucket which belonged to Hipshipper - an international logistics and shipping company that works with sellers on both eBay and Amazon, offering delivery and returns to over 150 countries.

The researchers discovered the open instance in December 2024, and the leak was only closed in January 2025, so it was open for at least a month - here’s what we know.

Personal Information exposed

It's pretty easy to imagine how an attacker could use your shipping details to cause harm, and the leaked information included buyers’ personal information like full names, home addresses, phone numbers, and order details.

“Cybercriminals can exploit leaked data to orchestrate advanced scams and phishing attacks,” the researchers explained.

“For example, crooks may impersonate trusted businesses and distribute fraudulent messages that leverage specific order details to demand urgent verification of personal or financial information.”

There’s ‘no indication’ that cybercriminals accessed the exposed dataset, but criminals very often have ways to scan the internet for open instances such as these.

Retail firms are one of hackers’ most targeted industries, and unfortunately, only using large, reputable companies doesn’t protect your information from leaks - as retail firms like GrubHub, Mizuno, and Hot Topic have all suffered significant breaches in the last few months.

In fact, since 2004, over 17 billion accounts have been breached. Of course, that statistic is a little misleading, as some people will have had many accounts exposed whilst others remain untouched - but it does illustrate the scale of the problem, and reminds us that anyone could be at risk.

But whether your account has been breached once or a hundred times, the dangers are the same.

Protecting yourself

If you’re affected by a data breach, you should be very wary of identity theft - and the software listed can provide dark web monitoring, credit monitoring, even insurance if you do fall victim.

If you want to stay safe on your own, the key is staying vigilant. Keep a close eye on your accounts, statements, and transactions - report any suspicious activity to your bank immediately.

There’s also a risk of phishing attacks when your data is exposed - as criminals can use the information to craft personal and specific emails in order to trick victims into believing the attacker is a friend, colleague, or family member. But that’s not all, CyberNews researchers explained, as “revealing personal details may even pose risks to physical safety.”

“Criminals could use this information for stalking, harassment, or planning burglaries. Furthermore, attackers may compile and use leaked data for financial or personal gain, often subjecting victims to harassment, reputational damage, or other harmful actions.”

Be extra careful if you receive unexpected communications, especially from someone you don’t know. Be sure to thoroughly check the email address each message is sent from, and don’t click any links you don’t 100% trust.

We’ve written a full guide on how to avoid online phishing to better protect yourself if you need more information.

Ellen Jennings-Trace
Staff Writer

Ellen has been writing for almost four years, with a focus on post-COVID policy whilst studying for BA Politics and International Relations at the University of Cardiff, followed by an MA in Political Communication. Before joining TechRadar Pro as a Junior Writer, she worked for Future Publishing’s MVC content team, working with merchants and retailers to upload content.
