A misconfigured cloud server linked to global e-commerce orders has leaked shipping data tied to Etsy, TikTok, and other platforms.
What happened
Cybersecurity researchers from Cybernews discovered two misconfigured Microsoft Azure Blob Storage containers containing over 1.6 million files, primarily HTML shipping confirmation emails. These files exposed full names, home addresses, email addresses, and order details mainly from customers in the U.S., but also in Canada and Australia.
The affected emails were tied to purchases made via Etsy, TikTok shops, Poshmark, and a vendor called Embroly. While the identity of the storage bucket owner remains unknown, metadata suggests the source is a Vietnam-based embroidery service operating across multiple storefronts.
Going deeper
Shipping confirmation emails may seem harmless, but the combination of personal and order-specific details creates a high risk for phishing, identity theft, and social engineering attacks. Emails referencing real transactions increase the likelihood that a recipient will trust and act on fraudulent communications.
Researchers warned that attackers could impersonate platforms like Etsy or known couriers, prompting customers to click malicious links, share additional information, or download malware under the guise of tracking a recent order. Some confirmations even included product-level details, giving scammers extra leverage in personalizing their attacks.
The broader concern is how easily such a large-scale leak happened, simply due to a cloud misconfiguration. The storage containers were left publicly accessible without access restrictions or encryption, proving basic security failures.
What was said
Experts at KnowBe4 stressed that relying on obscurity or assumed privacy is not sufficient when dealing with cloud-connected platforms. Javvad Malik, a security advocate, said the breach “underscores the crucial balance between technological solutions and human vigilance,” especially in retail ecosystems. James McQuiggan added that organizations must treat every third-party link as an active part of their attack surface and ensure continuous validation, monitoring, and least-privilege configurations.
The big picture
Cloud storage misconfigurations continue to pose challenges across sectors, especially in e-commerce, where vendors frequently depend on third-party fulfillment services and storefront platforms. Without proper security controls, even small sellers can unintentionally expose customer data on a broad scale. Addressing these risks requires not only technical safeguards but also stronger oversight of third-party integrations and vendor compliance practices.
FAQs
What is Azure Blob Storage, and how can it lead to data leaks?
Azure Blob Storage is a Microsoft cloud service for storing large amounts of unstructured data. If containers are left publicly accessible without permissions or encryption, anyone with the link can access the files.
Why are order confirmation emails so risky when leaked?
They include real customer names, addresses, and order details, making them perfect bait for phishing. Attackers can craft messages that appear legitimate and prompt users to take dangerous actions.
What should customers do if they suspect their order data was exposed?
Monitor email accounts for phishing attempts, avoid clicking links in unexpected messages, and consider using a credit monitoring service if personal data was involved.
How can e-commerce platforms reduce third-party risk?
Platforms should enforce minimum security standards for sellers, conduct routine audits, and monitor connected vendors for unusual activity or misconfigurations.
Is it possible to trace or report unsecured cloud storage?
Yes. Tools and platforms exist to scan for open storage buckets. Security researchers or affected users can report findings to the relevant cloud provider or data protection authorities.
Farah Amod
