E-Commerce data leak exposes 1.6M customer records through misconfigured cloud storage
Learn More
Cybernews security researchers have discovered a data leak affecting customers from major e-commerce platforms including Etsy, Poshmark, TikTok Shop, and Embr.
The leak was detected in late May 2025 and involved two unprotected Azure Blob Storage containers containing over 1.6 million files with sensitive customer information. Researchers have been unable to identify the exact owner of the misconfigured storage instances.
The cause of the breach was attributed to misconfigured cloud storage systems that left customer data completely unprotected and accessible to anyone. The exposed instances contained shipping email confirmations in HTML format, primarily affecting customers in the United States, with some individuals from Canada and Australia also impacted.
Evidence suggests that the data belongs to a single entity that operates multiple shops across various popular e-commerce platforms, with Etsy customers being the most significantly affected group. The affected orders were primarily for custom embroidery designs, with designer names and order details linking back to Vietnamese-based embroidery services.
The exposed customer data includes:
- Full names
- Home addresses
- Email addresses
- Shipping order details and confirmations
The leaked shipping confirmation emails, which contain personal and order information, could be weaponized to deliver malware through targeted campaigns that reference specific products or recent orders, potentially luring recipients into clicking malicious links or opening infected attachments.
Since researchers could not identify the owners of the exposed Azure storage, it's not clear whether the files are secure or are still exposed on the internet.
Etsy, Poshmark, TikTok Shop, and Embroly have not commented on the incident.
