Recommended reading

Massive data leak exposes 1.6 million Etsy and other TikTok shop customer details - here's what we know

News
By published

Over a million customer files compromised

Etsy logo
(Image credit: Etsy)
  • Over 1.6 million files have been discovered online by researchers
  • These seem to belong to Etsy, Poshmark, and TikTok Shop customers
  • Personally Identifiable Information is included

Two apparently unsecured Azure Blob Storage containers holding a combined 1.6 million files have been discovered by CyberNews researchers, allegedly belonging to online shopping platforms Etsy, Poshmark, and TikTok Shop.

The researchers say these files contained personally identifiable information, such as full names, home addresses, email addresses, and shipping order details.

Anyone who uses these services should keep a close eye on their accounts and take a look at the best identity theft monitoring tools if they are concerned.

Save up to 68% on identity theft protection for TechRadar readers!

Save up to 68% on identity theft protection for TechRadar readers!

TechRadar editors praise Aura's upfront pricing and simplicity. Aura also includes a password manager, VPN, and antivirus to make its security solution an even more compelling deal.

Preferred partner (What does this mean?)

View Deal

Customers at risk

Both of the exposed instances “contained shipping email confirmations in HTML format,” researchers confirmed, and the vast majority of users exposed are in the United States, with some from Canada and Australia.

The exact origin or ownership of the datasets is not yet known, but the nature of the information suggests that these belonged to one particular storefront (across multiple shopping platforms), in particular a Vietnamese-based embroidery service.

It’s also not known whether cybercriminals have accessed these datasets, but only an internal forensic audit would reveal this information.

Researchers outlined the risk this brings to those exposed, such as convincing social engineering attacks from cybercriminals posing as Etsy or TikTok shop - urging customers to give their details, resulting in potential financial loss.

“With access to personal information like full names and addresses, attackers could impersonate trusted shipping providers or Etsy itself, making fraudulent communications seem more credible and urging victims to take actions such as confirming personal details, making payment, or clicking malicious links,” the researchers said.

Data leaks are unfortunately all too common for internet users today.

We recommend regularly checking whether your details have been exposed, using services like Have I Been Pwned - and monitoring your accounts, statements, and transactions - and immediately reporting any suspicious or unexpected activity with your bank or credit card provider.

You might also like

Ellen Jennings-Trace
Ellen Jennings-Trace
Staff Writer

Ellen has been writing for almost four years, with a focus on post-COVID policy whilst studying for BA Politics and International Relations at the University of Cardiff, followed by an MA in Political Communication. Before joining TechRadar Pro as a Junior Writer, she worked for Future Publishing’s MVC content team, working with merchants and retailers to upload content.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.