Huge data leak contains 14 million customer shipping records

955

No industry is safe from data injuries. In the past few months alone, we have seen that security incidents have hit almost every sector, including healthcare, finance and technology. Now the shipping industry has worked with a large global sender who works with Amazon, Ebay and Shopify and reveals 14 million records. In order to make things worse, the open instance was found in December during the highlight of international shipping when people around the world send and maintain gifts. The researchers have attributed it to an unprotected AWS bucket who heard hipshipers.

Stay protected and informed! Get security warnings and experts -tech tips –Register now for Kurts The Cyberguy report

What you need to know

Hip shipper, a shipping platform used by sellers on eBay, Shopify and Amazon, accidentally unveiled millions of ship labels with personal customer information. Researchers from Cybernews found the exposed data in December 2024, but only determined it in January 2025, which means that it was open for at least a month. Hipschipper helps people to send packages to over 150 countries by offering tracking, free insurance and simple returns. The exposed pension labels are important because they describe what is in the packages and where they should go.

However, an unprotected AWS bucket gave over 14.3 million records, mainly shipbet labels and customs forms. Researchers of cybernews explained, “Cybercriminals can use bunketed data to carry out fraud and phishing attacks. For example, criminals could pretend to be trustworthy companies and to send fake messages with certain order details to get people to share personal or financial information. “

The hidden costs of free apps: your personal data

Which data was leaked through

The researchers believe that the exposed bucket contains confidential information about buyers, including the full names, house addresses, telephone numbers and order data such as post data and packet information. Although there is no direct evidence that cybercriminals have accessed the exposed data, millions of malignant actors use automated bots to search the Internet for similar leaks in the hope of finding data that can be used for harmful purposes.

These criminals could take advantage of the infiltrated information on the start of fraud and phishing attacks. For example, you could specify to be a trustworthy company and to send fake messages that use certain order details to put people under pressure in order to check personal or financial information urgently.

Unfortunately, retail companies are a main goal for hackers and well -known companies are not always based on their information. The latest violations of companies such as Grubhub, Mizuno and Hot Topic show that even large retailers can suffer significant security gaps.

From Tikok to Problems: How your online data can be Created against you

7 possibilities that you can protect yourself after such a data violation

1) Pay attention to phishing attempts and use a strong antivirus software: After a data injury, fraudsters often use the stolen data to create convincing phishing messages. These can be delivered by e -mail, text or telephone calls and pretend to come from trustworthy companies. Be particularly careful with unwanted messages with links in which you ask for personal or financial details, even if you refer to the current orders or transactions. The best way to protect yourself from malicious links is to have installed the antivirus software on all devices. This protection can also draw your attention to Phishing -E emails and ransomware frauds in order to keep your personal data and digital assets secure.

My top choice is TotallyAnd you can get one Limited time deal for Cyberguy readers: $ 19 her first year (80% discount) for the Totalav Antivirus Pro package.

Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android & iOS devices.

2) Pay attention to snail mail: While many security threats enter online, physical emails can also be a goal. With house addresses that are exposed to data leaks, criminal fraudulent letters or fake bills can send invoices to obtain them, provide further personal information or make payments. If you receive suspicious mail, avoid answering it and report it to the company that claims to come from.

3) Investation in the protection of identity theft: In view of the suspension of personal data such as names, addresses and order details, the investment in identity theft services can provide an additional security level. These services monitor your financial accounts and credit report on signs of fraudulent activities and alert potential identity theft at an early stage. You can also help you to freeze your banking and credit card accounts to prevent the other non-authorized use by criminals.

One of the best parts of My #1 selection, identity guardis that you have identity theft insurance Up to $ 1 million to cover losses and legal costs And a white glove fraud resolution team in which a The American case manager will help you restore losses.

Exclusive Cyberguy -Deal: 66% Off Ultra annual plans: Get the Identity Guard Ultra Protection to protect your identity and loans for only 9.99 US dollars/MO (the lowest offer) for the first year.

See my tips and best options on how you can protect yourself from identity theft.

4) Activate the two-factor authentication (2FA) for accounts: Activate Two-factor authentication Add an additional security level to your online accounts. Even if Hackers receive their login information, you can access your accounts without the second review step, e.g. B. a code sent to your phone or e -mail. This simple step can significantly reduce the risk of non -authorized access to sensitive personal information.

5) Monitor your creditus regularly: You can request free credit reports from large credit offices to look for suspicious activities or non -authorized accounts that are open in your name.

6) Update your passwords: Change the passwords for all accounts that may be affected by the violation and use clear, strong passwords for each account. Consider using a password manager. This can help you to generate and save strong, clear passwords for all of your accounts. Our top selection for a password manager is North pass. Nordpass is a secure and user-friendly password manager who uses the Xchach20 encryption of zero know-leather and military quality to protect your data. It supports Windows, MacOS, Linux, Android, iOS and large browsers and offers unlimited password storage, safe release, password health reports, monitoring data injuries, automatic fill and emergency access.

Cyberguy Exclusive Nordpass Deal: Save 56% and receive 3 additional months free of charge with a 2-year plan. Try 30 days -free for only 1.29 $ 1.29/month!

Get more details about mine Best expert-tested password managers from 2025 here.

7) Remove your personal data from public databases: If your personal data has been unveiled in this violation, it is important to act quickly to reduce your risk of identity theft and fraud. A service like Incogni Can help you remove all this personal information from the Internet. It has a very clean surface and scans 200 websites for your information and remove it and keeps you away.

Especially for Cyberguy readers (60% discount): Incogni offers a 30-day money-back guarantee and then only calculates a special cyberguy discount the left In this article by 5.99 USD/month for one person (billed annually) or $ 13,19/month for your family (up to 4 people) in your annual plan and get a fully automated data removal service, including recurring removal of 200+ data brokers. You can add up 3 e -mails, 3 house addresses and 3 phone numbers (Only US citizens) and have them removed from databases from data brokers. I recommend the family plan because it is only $ 4.12 per person and month for all year round coverage. It is an excellent service, and I can only recommend it to try it out to see what it is about.

Get Inkogni here

Get Incogni for your family (up to 4 people) here

The massive safety error is at risk of the most popular browser on Mac

Kurts important snack bar

It is high time that every industry takes cyber security seriously. If your company works online, you are just as responsible for the protection of customer data as a technology company – and possibly even more, since technology companies usually have stronger protective measures. The fact that hipshipers contained a retention bucket with 14 million records speaks about how little they prioritize cybersecurity. And it's not just hipshiper. Many companies that deal with technical products are not even careful enough to protect their critical documents password. This lack of basic security underlines a worrying trend in the industries.

Do you think companies do enough to protect customer data? Let us know in the comments below.

Subscribe to my free Cyberguy Report newsletter here to get further security warnings

Copyright 2025 Cyberguy.com. All rights reserved. Articles and content from Cyberguy.com can contain affiliate links that receive a commission if purchases are made.