Massive data leak exposes 1.6 million Etsy and other TikTok shop customer details - here's what we know
Huge number of customer files have been compromised following apparent breach.
- Over 1.6 million files have been discovered online by researchers
- These seem to belong to Etsy, Poshmark, and TikTok Shop customers
- Personally Identifiable Information is included
Two apparently unsecured Azure Blob Storage containers holding a combined 1.6 million files have been discovered by CyberNews researchers, allegedly belonging to online shopping platforms Etsy, Poshmark, and TikTok Shop.
The researchers say these files contained personally identifiable information, such as full names, home addresses, email addresses, and shipping order details.
Anyone who uses these services should keep a close eye on their accounts and take a look at the best identity theft monitoring tools if they are concerned.
Save up to 68% on identity theft protection for TechRadar readers!
TechRadar editors praise Aura's upfront pricing and simplicity. Aura also includes a password manager, VPN, and antivirus to make its security solution an even more compelling deal.
Preferred partner (What does this mean?)View Deal
Customers at risk
Both of the exposed instances “contained shipping email confirmations in HTML format,” researchers confirmed, and the vast majority of users exposed are in the United States, with some from Canada and Australia.
The exact origin or ownership of the datasets is not yet known, but the nature of the information suggests that these belonged to one particular storefront (across multiple shopping platforms), in particular a Vietnamese-based embroidery service.
It’s also not known whether cybercriminals have accessed these datasets, but only an internal forensic audit would reveal this information.
Researchers outlined the risk this brings to those exposed, such as convincing social engineering attacks from cybercriminals posing as Etsy or TikTok shop - urging customers to give their details, resulting in potential financial loss.
“With access to personal information like full names and addresses, attackers could impersonate trusted shipping providers or Etsy itself, making fraudulent communications seem more credible and urging victims to take actions such as confirming personal details, making payment, or clicking malicious links,” the researchers said.
Data leaks are unfortunately all too common for internet users today.
We recommend regularly checking whether your details have been exposed, using services like Have I Been Pwned - and monitoring your accounts, statements, and transactions - and immediately reporting any suspicious or unexpected activity with your bank or credit card provider.
You might also like
- Take a look at our picks for the best malware removal software around
- Check out our choice for best antivirus software
- Adidas confirms customer data stolen in worrying cyberattack
