Etsy

Over 1.6 million files, primarily belonging to Etsy customers in the U.S., were exposed due to unsecured Azure Blob Storage containers. The leaked data included shipping email confirmations containing sensitive personal information such as full names, email addresses, home addresses, and order details. This exposure creates a high risk of fraudulent impersonation, where attackers could pose as trusted entities (e.g., Etsy or shipping providers) to deceive victims into disclosing further personal details, making fraudulent payments, or clicking malicious links. The breach stems from server misconfigurations, highlighting vulnerabilities in cloud storage security. While the exact owner of the unprotected containers remains unidentified, the incident underscores the critical need for restricted cloud access, encryption, SSL/TLS protocols, and regular security audits to prevent similar exposures. The compromised data, though not financial in nature, enables targeted phishing and identity theft, posing long-term reputational and operational risks to Etsy and its customers.

Source: https://www.scworld.com/brief/misconfigurations-leak-over-1-6m-e-commerce-customers-data

TPRM report: https://www.rankiteo.com/company/etsy-usa

"id": "ets5595855112725",
"linkid": "etsy-usa",
"type": "Breach",
"date": "5/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': 'thousands',
                        'industry': 'retail',
                        'location': 'United States',
                        'name': 'Etsy',
                        'type': 'e-commerce platform'},
                       {'customers_affected': 'thousands',
                        'industry': 'retail',
                        'location': 'United States',
                        'name': 'Poshmark',
                        'type': 'e-commerce platform'},
                       {'customers_affected': 'thousands',
                        'industry': 'retail',
                        'location': 'United States',
                        'name': 'Embroly',
                        'type': 'e-commerce platform'},
                       {'customers_affected': 'thousands',
                        'industry': 'social media/retail',
                        'location': 'United States',
                        'name': 'TikTok Shop',
                        'type': 'e-commerce platform'}],
 'attack_vector': ['unsecured cloud storage', 'server misconfiguration'],
 'customer_advisories': ['Warning about potential phishing/impersonation '
                         'attacks using exposed PII'],
 'data_breach': {'data_encryption': ['none (data was unsecured)'],
                 'file_types_exposed': ['shipping email confirmations'],
                 'number_of_records_exposed': '1.6 million files',
                 'personally_identifiable_information': ['full names',
                                                         'email addresses',
                                                         'home addresses'],
                 'sensitivity_of_data': 'high (includes full names, addresses, '
                                        'email addresses)',
                 'type_of_data_compromised': ['shipping confirmations',
                                              'personally identifiable '
                                              'information (PII)']},
 'description': 'More than 1.6 million files belonging to thousands of Etsy, '
                'Poshmark, Embroly, and TikTok shop customers—primarily in the '
                'U.S.—were exposed due to two unsecured Azure Blob Storage '
                'containers. The leaked data included shipping email '
                'confirmations with full names, email addresses, home '
                'addresses, and order details. Attackers could exploit this '
                'for impersonation, phishing, or fraud. The owner of the '
                'unprotected containers remains unidentified.',
 'impact': {'brand_reputation_impact': ['potential erosion of trust',
                                        'risk of phishing attacks'],
            'data_compromised': ['full names',
                                 'email addresses',
                                 'home addresses',
                                 'shipping order information'],
            'identity_theft_risk': ['high (due to PII exposure)'],
            'systems_affected': ['Azure Blob Storage containers']},
 'investigation_status': 'ongoing (owner of unprotected containers not yet '
                         'identified)',
 'lessons_learned': ['Critical importance of securing cloud storage '
                     'configurations',
                     'Need for access controls and encryption in cloud '
                     'environments',
                     'Regular security audits to prevent misconfigurations'],
 'motivation': ['opportunistic', 'potential fraud', 'data exploitation'],
 'post_incident_analysis': {'corrective_actions': ['Secure cloud storage '
                                                   'configurations',
                                                   'Implement encryption',
                                                   'Enforce access '
                                                   'restrictions'],
                            'root_causes': ['unsecured Azure Blob Storage '
                                            'containers',
                                            'lack of access controls',
                                            'absence of encryption']},
 'recommendations': ['Implement restricted access to cloud environments',
                     'Enable server-side encryption for stored data',
                     'Enforce SSL/TLS protocols for data in transit',
                     'Conduct consistent security audits',
                     'Review access logs for unauthorized activity'],
 'references': [{'source': 'Cybernews'}],
 'response': {'communication_strategy': ['urging organizations to mitigate '
                                         'misconfigurations'],
              'enhanced_monitoring': ['consistent security audits '
                                      '(recommended)'],
              'remediation_measures': ['restricted cloud environment access',
                                       'access log reviews',
                                       'server-side encryption',
                                       'SSL/TLS protocols']},
 'title': 'Exposure of 1.6 Million Customer Files via Unsecured Azure Blob '
          'Storage Containers',
 'type': ['data breach', 'misconfiguration'],
 'vulnerability_exploited': ['lack of access controls',
                             'missing server-side encryption',
                             'unsecured Azure Blob Storage']}