Humanity fears the bomb, the asteroid, and the pandemic, but in the end it’s always the Blob that humanity should fear. The Cybernews research team that discovered and reported on the attack said they found two unprotected Microsoft Azure Blob Storage containers containing over 1.6 million files of customer data, including full names, home addresses, email addresses, and shipping order details.
Unlike recent data leaks from earlier this week, this digital smash-and-grab does seem to affect mostly American customers. The leak was discovered on March 12, 2025, although it wasn’t reported on publicly until later. If you shopped at any of the affected shops—Etsy, TikTok Shops, Poshmark, and Embroly—before then, you should be doubly careful to monitor your banking and credit card accounts and to watch out for phishing attempts.
what the hackers took
“With access to personal information like full names and addresses, attackers could impersonate trusted shipping providers or Etsy itself, making fraudulent communications seem more credible and urging victims to take actions such as confirming personal details, making payment, or clicking malicious links,” say Cybernews’ researchers.
“Moreover, armed with email addresses and detailed shipping information, criminals could engage in social engineering, manipulating victims into sharing additional personal or financial information.
“The email confirmations, which contain personal and order information, could be used to deliver malware. By crafting emails that reference specific products or recent orders, cybercriminals may lure recipients into clicking links or opening attachments that lead to malware infections.”
Yikes. The vast majority of affected accounts are American, according to the research team, although some Canadian and Australian customers were also affected. Of the exposed accounts, most were from Etsy.
Want a quick way to check? Head over to Have I Been Pwned, which lets you punch in your email address(es) to see if they’ve been involved in a data breach. That’s step one to discovering whether you’re affected. Step two, which isn’t a bad idea even if you aren’t on the list, is a service such as DeleteMe that periodically employs real people to scrub your personal data from the web.
The post Hackers Stole Data From 1.6M TikTok Shop, Poshmark, and Etsy Accounts appeared first on VICE.
