Hipshipper, shipping platform leaks over 14 million shipping records
Learn More
Hipshipper, an international shipping platform serving eBay, Shopify, and Amazon sellers across 150 countries, was found a leaking data through an unprotected AWS bucket.
The leak was discovered in December 2024 but wasn't fixed until January 2025, potentially exposing millions of customers' personal information. The exposed data bucket contained over 14.3 million records, affecting customers across 150+ countries. Exposed data includes:
- Full names
- Home addresses
- Phone numbers
- Email addresses
- Order details (mailing dates, parcel information)
- Shipping labels
- Customs declaration forms
- Invoices
The number of affected individuals is not specifically disclosed, but likely to be in the millions. According to cybersecurity experts, including Thomas Holt from Michigan State University, the exposed data could be particularly valuable for fraud and sophisticated phishing attacks, as it contains verified transaction information that could make scam attempts more convincing.
Hipshipper has since secured the exposed AWS bucket after being contacted by Cybernews researchers. It's not clear whether malicious actors accessed the data during the exposure period, but automated bots regularly scan for such vulnerabilities.
