SpeedX Suffers Massive Data Exposure Affecting 840 Million Records
Last-mile delivery company SpeedX has been at the center of one of the largest data exposure incidents to date, with threat actors allegedly accessing over 840 million records containing sensitive information. The leaked data includes U.S. customer addresses, package photos, and images of couriers’ driver’s licenses, raising significant privacy and security concerns.
The exposure was uncovered by Cybernews researchers in March, who found that the data was accessible due to a misconfigured Azure Blob storage container. While SpeedX maintains that no unauthorized access occurred, calling it a configuration issue rather than a breach, the company acknowledged that limited metadata responses were possible under the previous setup. A SpeedX representative stated that their investigation found no evidence of malicious activity, data leakage, or compromised customer accounts.
However, Cybernews researchers disputed SpeedX’s assessment, demonstrating that accessing the files required only the bucket name no additional object paths were needed. The exposed data poses serious risks, including fraud, social engineering attacks, and identity theft for both customers and drivers. Additionally, the leaked package information provides cybercriminals with insight into SpeedX’s internal operations, potentially enabling more targeted attacks and supply chain disruptions.
SpeedX handles millions of daily deliveries for major platforms, including Shein, Temu, Amazon, and TikTok Shop, amplifying the potential impact of the incident. The full extent of the exposure and its consequences remain under scrutiny.
SpeedX cybersecurity rating report: https://www.rankiteo.com/company/speedx-delivery
"id": "SPE1780295140",
"linkid": "speedx-delivery",
"type": "Breach",
"date": "3/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'Millions',
'industry': 'Logistics/Delivery',
'location': 'U.S.',
'name': 'SpeedX',
'type': 'Company'}],
'attack_vector': 'Misconfigured Azure Blob storage container',
'data_breach': {'file_types_exposed': ['Images', 'Metadata'],
'number_of_records_exposed': '840 million',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Customer addresses',
'Package photos',
'Driver’s license images']},
'date_detected': '2024-03',
'description': 'Last-mile delivery company SpeedX has been at the center of '
'one of the largest data exposure incidents to date, with '
'threat actors allegedly accessing over 840 million records '
'containing sensitive information. The leaked data includes '
'U.S. customer addresses, package photos, and images of '
'couriers’ driver’s licenses, raising significant privacy and '
'security concerns.',
'impact': {'brand_reputation_impact': 'Significant',
'data_compromised': '840 million records',
'identity_theft_risk': 'High',
'operational_impact': 'Potential supply chain disruptions',
'systems_affected': 'Azure Blob storage container'},
'investigation_status': 'Ongoing',
'post_incident_analysis': {'corrective_actions': 'Configuration fix',
'root_causes': 'Misconfigured Azure Blob storage '
'container'},
'references': [{'source': 'Cybernews'}],
'response': {'communication_strategy': 'Public statement',
'containment_measures': 'Configuration fix'},
'title': 'SpeedX Suffers Massive Data Exposure Affecting 840 Million Records',
'type': 'Data Exposure',
'vulnerability_exploited': 'Misconfiguration'}