No industry is safe from data breaches. Over the past few months alone, we’ve seen security incidents hit almost every sector, including healthcare, finance, and tech. Now, the shipping industry has joined the list, with a major global shipper that works with Amazon, eBay, and Shopify exposing 14 million records. To make things worse, the open instance was found in December, during the peak of international shipping when people are sending and receiving gifts all over the world. Researchers traced it back to an unprotected AWS bucket owned by Hipshipper.
What you need to know
Hipshipper, a shipping platform used by sellers on eBay, Shopify, and Amazon, accidentally exposed millions of shipping labels with personal customer information. Researchers at Cybernews found the exposed data in December 2024, but it wasn’t fixed until January 2025, meaning it was open for at least a month. Hipshipper helps people ship packages to over 150 countries, offering tracking, free insurance, and easy returns. The exposed shipping labels are important because they detail what’s inside the packages and where they’re supposed to go.
However, an unprotected AWS bucket held over 14.3 million records, mainly shipping labels and customs forms. Researchers from Cybernews explained, “Cybercriminals can use leaked data to carry out scams and phishing attacks. For example, criminals might pretend to be trusted businesses and send fake messages using specific order details to trick people into sharing personal or financial information.”
THE HIDDEN COSTS OF FREE APPS: YOUR PERSONAL INFORMATION
What data was leaked
Researchers believe the exposed bucket contained sensitive information about buyers, including their full names, home addresses, phone numbers, and order details such as mailing dates and parcel information. While there’s no direct evidence that cybercriminals accessed the exposed data, millions of malicious actors use automated bots to search the internet for similar leaks, hoping to find data they can use for harmful purposes.
These criminals could exploit the leaked information to launch scams and phishing attacks. For instance, they might pretend to be trusted companies and send fake messages that use specific order details to pressure people into urgently verifying personal or financial information.
Unfortunately, retail companies are a prime target for hackers, and relying on large, well-known firms doesn’t always protect your information. Recent breaches involving companies like GrubHub, Mizuno, and Hot Topic show that even big-name retailers can suffer significant security lapses.
FROM TIKTOK TO TROUBLE: HOW YOUR ONLINE DATA CAN BE WEAPONIZED AGAINST YOU
7 ways you can protect yourself after a data breach like this
1) Beware of phishing attempts and use strong antivirus software: After a data breach, scammers often use the stolen data to craft convincing phishing messages. These can come via email, text, or phone calls, pretending to be from trusted companies. Be extra cautious about unsolicited messages with links asking for personal or financial details, even if they reference recent orders or transactions. The best way to safeguard yourself from malicious links is to have antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.
My top pick is TotalAV, and you can get a limited-time deal for CyberGuy readers: $19 your first year (80% off) for the TotalAV Antivirus Pro package.
2) Watch out for snail mail: While many security threats happen online, physical mail can also be a target. With home addresses exposed in data leaks, criminals may send fraudulent letters or fake invoices to trick you into providing further personal information or making payments. If you receive suspicious mail, avoid responding and report it to the company it claims to be from.
3) Invest in identity theft protection: Given the exposure of personal data, such as names, addresses, and order details, investing in identity theft protection services can provide an extra layer of security. These services monitor your financial accounts and credit report for any signs of fraudulent activity, alerting you to potential identity theft early on. They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals.
One of the best parts of my #1 pick, Identity Guard, is that they have identity theft insurance of up to 1 million dollars to cover losses and legal fees and a white glove fraud resolution team where a US-based case manager helps you recover any losses.
Exclusive CyberGuy deal: 66% off Ultra Annual Plans: Get the Identity Guard Ultra protection to protect your identity and credit for as little as $9.99/mo (lowest offered anywhere) for the first year.
See my tips and best picks on how to protect yourself from identity theft.
4) Enable two-factor authentication (2FA) on accounts: Enabling two-factor authentication adds an extra layer of security to your online accounts. Even if hackers get hold of your login credentials, they won’t be able to access your accounts without the second verification step, such as a code sent to your phone or email. This simple step can significantly reduce the risk of unauthorized access to sensitive personal information.
5) Monitor your credit reports regularly: You can request free credit reports from major credit bureaus to check for any suspicious activity or unauthorized accounts opened in your name.
6) Update your passwords: Change passwords for any accounts that may have been affected by the breach, and use unique, strong passwords for each account. Consider using a password manager. This can help you generate and store strong, unique passwords for all your accounts. Our top pick for a password manager is NordPass. NordPass is a secure and user-friendly password manager that uses zero-knowledge and military-grade XChaCha20 encryption to protect your data. It supports Windows, macOS, Linux, Android, iOS, and major browsers while offering unlimited password storage, secure sharing, password health reports, data breach monitoring, auto-fill, and emergency access.
Get more details about my best expert-reviewed Password Managers of 2025 here.
7) Remove your personal data from public databases: If your personal data was exposed in this breach, it’s crucial to act quickly to reduce your risk of identity theft and scams. A service like Incogni can help you remove all this personal information from the internet. It has a very clean interface and will scan 200+ websites for your information and remove it and keep it removed.
Special for CyberGuy Readers (60% off): Incogni offers A 30-day money-back guarantee and then charges a special CyberGuy discount only through the links in this article of $5.99/month for one person (billed annually) or $13.19/month for your family (up to 4 people) on their annual plan and get a fully automated data removal service, including recurring removal from 200+ data brokers. You can add up to 3 emails, 3 home addresses and 3 phone numbers (U.S. citizens only) and have them removed from data-broker databases. I recommend the family plan because it works out to only $4.12 per person per month for year-round coverage. It’s an excellent service, and I highly recommend at least trying it out to see what it’s all about.
Get Incogni for your family (up to 4 people) here
MASSIVE SECURITY FLAW PUTS MOST POPULAR BROWSERS AT RISK ON MAC
Kurt’s key takeaway
It’s high time every industry takes cybersecurity seriously. If your business operates online, you are just as responsible for protecting customer data as a tech company—and possibly even more so, since tech companies typically have stronger safeguards in place. The fact that Hipshipper left a storage bucket containing 14 million records unprotected speaks volumes about how little they prioritize cybersecurity. And it’s not just Hipshipper. Many companies dealing with tech products aren’t even careful enough to password-protect their critical documents. This lack of basic security highlights a worrying trend across industries.
Do you think businesses are doing enough to protect customer data? Let us know in the comments below.
FOR MORE OF MY SECURITY ALERTS, SUBSCRIBE TO MY FREE CYBERGUY REPORT NEWSLETTER HERE
Copyright 2025 CyberGuy.com. All rights reserved. CyberGuy.com articles and content may contain affiliate links that earn a commission when purchases are made.