More than 1.6 million files belonging to thousands of Etsy, Poshmark, Embroly, and TikTok shop customers, most of whom are located in the U.S., have been exposed as a result of a pair of unsecured Azure Blob Storage containers, Cybernews reports.
Most of the leaked documents were shipping email confirmations, particularly for Etsy customers, which included individuals' full names, email addresses, home addresses, and shipping order information, according to Cybernews researchers. "With access to personal information like full names and addresses, attackers could impersonate trusted shipping providers or Etsy itself, making fraudulent communications seem more credible and urging victims to take actions such as confirming personal details, making payment, or clicking malicious links," said researchers, who have yet to ascertain the owner of the unprotected Azure containers. Organizations have been urged to mitigate potential data exposure stemming from server misconfigurations by implementing restricted cloud environment access, access log reviews, server-side encryption, and SSL/TLS protocols, as well as conducting consistent security audits.