International shipping solution Hipshipper — which is leveraged by Amazon, Shopify, and eBay sellers to deliver goods to more than 150 countries — had more than 14.3 million records inadvertently exposed by an unsecured Amazon AWS bucket, Cybernews reports.
Most of the leaked information consisted of shipping labels and customs declaration forms containing individuals' full names, home addresses, and phone numbers, as well as their order details, according to Cybernews researchers, who noted that Hipshipper had protected the misconfigured storage bucket nearly a month after initial disclosure. With the exposed data increasing the risk of additional fraudulent activity, malware intrusions, and physical attacks, organizations have been urged to bolster data security by implementing more robust access controls, tracking access logs for potential unauthorized use, and activating server-side encryption. Organizations should also adopt AWS Key Management Service and SSL/TLS protocols in addition to consistent data audits, employee training programs, and automated security inspections, said researchers.
