A significant data breach has exposed the personal information of over 1.6 million customers from popular e-commerce platforms, including Etsy and TikTok Shop. Cybersecurity researchers discovered two unsecured Azure Blob Storage containers containing HTML files of shipping confirmation emails. These files revealed sensitive details such as full names, home addresses, email addresses, and order specifics.
The majority of the affected individuals are based in the United States, with additional cases identified in Canada and Australia. While Etsy accounts for most of the exposed data, entries from TikTok Shop, Poshmark, and Embroly were also found. The leaked information poses significant risks, as cybercriminals could exploit these details to craft convincing phishing emails or engage in social engineering attacks.
Researchers noted that the exposed data primarily originated from orders related to custom embroidery designs, with some linked to Vietnamese-based embroidery services. The exact ownership of the compromised storage instances remains unclear.
This incident underscores the critical importance of securing cloud storage environments. E-commerce platforms must implement stringent security measures to protect customer data and maintain trust. Affected users are advised to remain vigilant for any suspicious communications and to verify the authenticity of messages claiming to be from these platforms.
