- More than 1.6 million files have been discovered online by researchers
- They belong to the customers of AT, Poshamark and Tikokk Shop
- Personally identifable includes information
Two clearly unsafe Azure Blob Storage Containers are holding a joint 1.6 million files Cybernews researcherThe online shopping platform allegedly belongs to Etsy, Poshamark and Tikokk Shop.
Researchers say that these files contain individually identified information, such as full name, home addresses, email addresses and shipping orders details.
Whoever uses these services should keep a close watch on their accounts and if they are concerned, take a look at the best identity stolen monitoring equipment.
Risk customer
Both exposed examples include “the HTML format involves shipping email confirmation,” researchers confirmed, and most users are in the United States, with some of Canada and some of Australia.
The exact origin or ownership of the dataset is not yet known, but the nature of the information suggests that they belong to a special storefront (beyond several shopping platforms), especially a Vietnamese-based embroidery service.
It is also not known that the cyber criminal has access these datasets, but only an internal forensic audit will only reveal this information.
Researchers underlined the risk that exposes to those who explain social engineering attacks from cyber criminal, which presents Etsy or Tiktok Shop – urges customers to give their details, resulting in potential financial loss.
Researchers said, “With access to personal information such as full names and addresses, the attackers can replicate reliable shipping providers or ETSC themselves, which makes fraudulent communication more reliable and urge the victims to urge to confirm personal details, pay or click on malicious links.”
Data leaks unfortunately are very common for internet users today.
We recommend to check regularly whether your details have been exposed, using services Have i been pwned – And monitor your accounts, statements and transactions – and immediately report any suspicious or unexpected activity with your bank or credit card provider.
