No industry is safe from data breaches. Over the past few months alone, we’ve seen security incidents hit almost every sector, including healthcare, finance and tech. Now, the shipping industry has joined the list, with a major global shipper that works with Amazon, eBay and Shopify exposing 14 million records.
To make things worse, the open instance was found in December during the peak of international shipping when people are sending and receiving gifts all over the world. Researchers traced it back to an unprotected AWS bucket owned by Hipshipper.
STAY PROTECTED & INFORMED! GET SECURITY ALERTS & EXPERT TECH TIPS — SIGN UP FOR KURT’S THE CYBERGUY REPORT NOW
What you need to know
Hipshipper, a shipping platform used by sellers on eBay, Shopify and Amazon, accidentally exposed millions of shipping labels with personal customer information. Researchers at Cybernews found the exposed data in December 2024, but it wasn’t fixed until January, meaning it was open for at least a month. Hipshipper helps people ship packages to over 150 countries, offering tracking, free insurance and easy returns. The exposed shipping labels are important because they detail what’s inside the packages and where they’re supposed to go.
However, an unprotected AWS bucket held over 14.3 million records, mainly shipping labels and customs forms. Researchers from Cybernews said, “Cybercriminals can use leaked data to carry out scams and phishing attacks. For example, criminals might pretend to be trusted businesses and send fake messages using specific order details to trick people into sharing personal or financial information.”
THE HIDDEN COSTS OF FREE APPS: YOUR PERSONAL INFORMATION
What data was leaked?
Researchers believe the exposed bucket contained sensitive information about buyers, including their full names, home addresses, phone numbers and order details such as mailing dates and parcel information. While there’s no direct evidence that cybercriminals accessed the exposed data, millions of malicious actors use automated bots to search the internet for similar leaks, hoping to find data they can use for harmful purposes.
These criminals could exploit the leaked information to launch scams and phishing attacks. For instance, they might pretend to be trusted companies and send fake messages that use specific order details to pressure people into urgently verifying personal or financial information. Unfortunately, retail companies are a prime target for hackers, and relying on large, well-known firms doesn’t always protect your information. Recent breaches involving companies like Grubhub, Mizuno and Hot Topic show that even big-name retailers can suffer significant security lapses.
FROM TIKTOK TO TROUBLE: HOW YOUR ONLINE DATA CAN BE WEAPONIZED AGAINST YOU
7 ways you can protect yourself after a data breach like this
1) Beware of phishing attempts and use strong antivirus software: After a data breach, scammers often use the stolen data to craft convincing phishing messages. These can come via email, text or phone calls, pretending to be from trusted companies. Be extra cautious about unsolicited messages with links asking for personal or financial details, even if they reference recent orders or transactions. The best way to safeguard yourself from malicious links is to have antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices.
2) Watch out for snail mail: While many security threats happen online, physical mail can also be a target. With home addresses exposed in data leaks, criminals may send fraudulent letters or fake invoices to trick you into providing further personal information or making payments. If you receive suspicious mail, avoid responding and report it to the company it claims to be from.
3) Invest in identity theft protection: Given the exposure of personal data, such as names, addresses and order details, investing in identity theft protection services can provide an extra layer of security. These services monitor your financial accounts and credit report for any signs of fraudulent activity, alerting you to potential identity theft early on. They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals. See my tips and best picks on how to protect yourself from identity theft.
4) Enable two-factor authentication on accounts: Enabling two-factor authentication adds an extra layer of security to your online accounts. Even if hackers get hold of your login credentials, they won’t be able to access your accounts without the second verification step, such as a code sent to your phone or email. This simple step can significantly reduce the risk of unauthorized access to sensitive personal information.
5) Monitor your credit reports regularly: You can request free credit reports from major credit bureaus to check for any suspicious activity or unauthorized accounts opened in your name.
6) Update your passwords: Change passwords for any accounts that may have been affected by the breach and use unique, strong passwords for each account. Consider using a password manager. This can help you generate and store strong, unique passwords for all your accounts.
7) Remove your personal data from public databases: If your personal data was exposed in this breach, it’s crucial to act quickly to reduce your risk of identity theft and scams by removing your personal information from the web. Check out my top picks for data removal services here.
MASSIVE SECURITY FLAW PUTS MOST POPULAR BROWSERS AT RISK ON MAC
Kurt’s key takeaway
It’s high time every industry took cybersecurity seriously. If your business operates online, you are just as responsible for protecting customer data as a tech company, possibly even more so, since tech companies typically have stronger safeguards in place. The fact that Hipshipper left a storage bucket containing 14 million records unprotected speaks volumes about how little they prioritize cybersecurity. And it’s not just Hipshipper. Many companies dealing with tech products aren’t even careful enough to password-protect their critical documents. This lack of basic security highlights a worrying trend across industries.
Do you think businesses are doing enough to protect customer data? Let us know by writing us at Cyberguy.com/Contact.
For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.
Ask Kurt a question or let us know what stories you’d like us to cover.
Follow Kurt on his social channels:
Answers to the most-asked CyberGuy questions:
New from Kurt:
Copyright 2025 CyberGuy.com. All rights reserved.
Read the full article here
