Indian supply-chain giant Bizongo exposed 643GB of sensitive data

Bizongo did not respond to the researchers when contacted about the data leak. Here’s how it happened and what data was leaked.


Bizongo, an online packaging marketplace, has suffered a data leak in which the company left highly sensitive customer information unsecured and potentially exposed to hackers and other malicious individuals. The cause of the incident was the company’s misconfigured AWS S3 data bucket.

The data leak was discovered by researchers at Website Planet in late December 2020, and the details have now been shared. According to the researchers, they immediately contacted Bizongo regarding the incident but received no response.

What and how much data was exposed?

However, on 8th January 2021, the team checked the bucket again and found that the breach had been closed. During this period, approximately 2,532,610 files were exposed, equating to 643GB of data.

It is worth noting that Bizongo exposed its AWS S3 data bucket to the public, allowing anyone to access the treasure trove of data without any password or even the simplest form of security authentication.

According to Website Planet’s report, the exposed bucket included PII and payment data of Bizongo’s customers. These included the following:

  • Full names
  • Phone numbers
  • Billing addresses
  • Delivery addresses
  • Shipping and tracking numbers
  • Billing details with clients’ financial details

Sample files in the data leak (Image: Website Planet)

How big exactly is Bizongo?

Bizongo is an online packaging marketplace with a vast network of over 400 clients spanning a multitude of industries and has delivered more than 860 million packages to date. Considering the size of the breach, there could be over a thousand businesses affected, along with hundreds of thousands of people who would be at risk of identity theft and fraud, scams, business espionage, and theft. 

India and cybersecurity

India is home to large corporations and top cybersecurity professionals; however, as in any other country, companies seem to go easy on their online security. For instance, in the last few months, Upstox, MobiKwik, Airtel, IIMJobs, Dunzo, Indiabulls, and Bharat Interface for Money (BHIM) are among the top firms to have suffered data breaches.

It is time for companies to take their online security seriously and hire cybersecurity companies or professionals to conduct in-depth scans and vulnerability assessments of their networks. This will help them identify and close any loophole that could expose their data or be exploited by threat actors to steal sensitive information.
