Tag: leak

  • Huge data leak exposes 14 million customer shipping records

    No industry is safe from data breaches. Over the past few months alone, we’ve seen security incidents hit almost every sector, including healthcare, finance and tech. Now, the shipping industry has joined the list, with a major global shipper that works with Amazon, eBay and Shopify exposing 14 million records.

    To make things worse, the open instance was found in December during the peak of international shipping when people are sending and receiving gifts all over the world. Researchers traced it back to an unprotected AWS bucket owned by Hipshipper.

    Amazon boxes with labels on top. (Kurt “CyberGuy” Knutsson)

    What you need to know

    Hipshipper, a shipping platform used by sellers on eBay, Shopify and Amazon, accidentally exposed millions of shipping labels with personal customer information. Researchers at Cybernews found the exposed data in December 2024, but it wasn’t fixed until January, meaning it was open for at least a month. Hipshipper helps people ship packages to over 150 countries, offering tracking, free insurance and easy returns. The exposed shipping labels are important because they detail what’s inside the packages and where they’re supposed to go. 

    However, an unprotected AWS bucket held over 14.3 million records, mainly shipping labels and customs forms. Researchers from Cybernews said, “Cybercriminals can use leaked data to carry out scams and phishing attacks. For example, criminals might pretend to be trusted businesses and send fake messages using specific order details to trick people into sharing personal or financial information.”

    Employees at a shipping facility. (Kurt “CyberGuy” Knutsson)

    What data was leaked?

    Researchers believe the exposed bucket contained sensitive information about buyers, including their full names, home addresses, phone numbers and order details such as mailing dates and parcel information. While there’s no direct evidence that cybercriminals accessed the exposed data, millions of malicious actors use automated bots to search the internet for similar leaks, hoping to find data they can use for harmful purposes. 

    These criminals could exploit the leaked information to launch scams and phishing attacks. For instance, they might pretend to be trusted companies and send fake messages that use specific order details to pressure people into urgently verifying personal or financial information. Unfortunately, retail companies are a prime target for hackers, and relying on large, well-known firms doesn’t always protect your information. Recent breaches involving companies like Grubhub, Mizuno and Hot Topic show that even big-name retailers can suffer significant security lapses.

    Illustration of a hacker at work. (Kurt “CyberGuy” Knutsson)

    7 ways you can protect yourself after a data breach like this

    1) Beware of phishing attempts and use strong antivirus software: After a data breach, scammers often use the stolen data to craft convincing phishing messages. These can come via email, text or phone calls, pretending to be from trusted companies. Be extra cautious about unsolicited messages with links asking for personal or financial details, even if they reference recent orders or transactions. The best way to safeguard yourself from malicious links is to have antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices.

    2) Watch out for snail mail: While many security threats happen online, physical mail can also be a target. With home addresses exposed in data leaks, criminals may send fraudulent letters or fake invoices to trick you into providing further personal information or making payments. If you receive suspicious mail, avoid responding and report it to the company it claims to be from.

    3) Invest in identity theft protection: Given the exposure of personal data, such as names, addresses and order details, investing in identity theft protection services can provide an extra layer of security. These services monitor your financial accounts and credit report for any signs of fraudulent activity, alerting you to potential identity theft early on. They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals. See my tips and best picks on how to protect yourself from identity theft.

    4) Enable two-factor authentication on accounts: Enabling two-factor authentication adds an extra layer of security to your online accounts. Even if hackers get hold of your login credentials, they won’t be able to access your accounts without the second verification step, such as a code sent to your phone or email. This simple step can significantly reduce the risk of unauthorized access to sensitive personal information.

    5) Monitor your credit reports regularly: You can request free credit reports from major credit bureaus to check for any suspicious activity or unauthorized accounts opened in your name.

    6) Update your passwords: Change passwords for any accounts that may have been affected by the breach and use unique, strong passwords for each account. Consider using a password manager. This can help you generate and store strong, unique passwords for all your accounts.

    7) Remove your personal data from public databases: If your personal data was exposed in this breach, it’s crucial to act quickly to reduce your risk of identity theft and scams by removing your personal information from the web. Check out my top picks for data removal services here.

    Kurt’s key takeaway

    It’s high time every industry took cybersecurity seriously. If your business operates online, you are just as responsible for protecting customer data as a tech company, possibly even more so, since tech companies typically have stronger safeguards in place. The fact that Hipshipper left a storage bucket containing 14 million records unprotected speaks volumes about how little they prioritize cybersecurity. And it’s not just Hipshipper. Many companies dealing with tech products aren’t even careful enough to password-protect their critical documents. This lack of basic security highlights a worrying trend across industries.

    Do you think businesses are doing enough to protect customer data? Let us know by writing us at Cyberguy.com/Contact.

    Copyright 2025 CyberGuy.com. All rights reserved.

  • CIA releases new analysis on COVID origins favoring lab leak theory

    The CIA has changed its assessment on the origins of the COVID-19 pandemic, now favoring the lab leak theory. Under its new director, John Ratcliffe, the agency released an assessment on the origins of COVID-19.

    The review was ordered by former President Joe Biden’s National Security Advisor Jake Sullivan toward the end of Biden’s time in office. 

    Analysts made the assessment with “low confidence” despite former CIA director Bill Burns, who remained agnostic on the origins, telling the agency it needed to look at the existing evidence again and come down on one side or the other.

    Security personnel stand guard outside the Wuhan Institute of Virology in Wuhan as members of the World Health Organization team investigating the origins of the COVID-19 coronavirus made a visit to the institute in Wuhan in China’s central Hubei province Feb. 3, 2021. (Hector Retamal/AFP via Getty Images)

    The agency has maintained for years it did not have enough intelligence to conclude whether COVID originated in a lab or a wet market in Wuhan, China. Despite the new assessment favoring a lab leak, there was no indication of new evidence.

    “CIA assesses with low confidence that a research-related origin of the COVID-19 pandemic is more likely than a natural origin based on the available body of reporting. CIA continues to assess that both research-related and natural origin scenarios of the COVID-19 pandemic remain plausible,” a CIA spokesperson told Fox News.

    “We have low confidence in this judgment and will continue to evaluate any available credible new intelligence reporting or open-source information that could change CIA’s assessment.”

    Ratcliffe, who was confirmed Thursday, has long been a proponent of the lab leak theory. In an interview with Breitbart, Ratcliffe framed the assessment of COVID’s origins as part of a broader strategy “addressing the threat from China.” 

    He also said he wants the CIA to “get off the sidelines” and take a stand.

    John Ratcliffe appears for a Senate Intelligence confirmation hearing on Capitol Hill Jan. 15, 2025, in Washington, D.C. (Andrew Harnik/Getty Images)

    In a March 2023 Fox News piece co-written with Cliff Sims, Ratcliffe accused the Biden administration of trying to keep a growing consensus around the lab leak theory quiet by suppressing “what can clearly be assessed from the intelligence they possess.” 

    He also cast doubt on the notion that the CIA did not have enough evidence to come to a conclusion about the virus’ origins.

    “The CIA is the world’s premier spy agency. Its reach is unmatched, its ability to acquire information unrivaled. And yet here we are three-and-a-half years later and there is ample public reporting that the CIA just doesn’t have enough information to make an assessment. This is utter nonsense,” the March 2023 piece says.

    A sign about COVID-19 testing is displayed outside a COVID-19 testing site as a health walker collects testing tubes in Wheeling, Ill., Dec. 3, 2021. (AP Photo/Nam Y. Huh)

    In the same piece, Ratcliffe and Sims dismissed the idea that the virus emerged naturally, claiming there was “a complete absence of intelligence or scientific evidence” pointing to that conclusion.

    When he testified before the House Select Subcommittee on the Coronavirus Pandemic in April 2023, Ratcliffe said the lab leak theory was “the only explanation credibly supported by our intelligence, by science and by common sense.”