Data theft is an increasingly persistent problem these days, and with data’s applications in all sectors of life, it is understandable that a data breach is a matter of grave concern. Indian start-ups have been hit with a string of data breaches in recent days, and Mumbai-based digital supply-chain giant Bizongo reportedly became the latest name on the list on Tuesday.
Bizongo, which has Amazon, Flipkart, Myntra, Swiggy, and Zomato among the clients using its business-to-business (B2B) supply chain and vendor management solutions, exposed nearly 2.5 million files (amounting to 643 GB of data) carrying customer data, which is said to include names, delivery addresses, billing addresses, and phone numbers as well as payment details of clients. According to the security team at Website Planet, a misconfigured Amazon Web Services (AWS) S3 bucket that Bizongo owned was the reason for the data leak. The bucket included two types of files — customer bills and shipping labels.
Since Bizongo worked with over 750 manufacturers and supplied packaging to more than 400 clients, it is inferred that more than a thousand businesses and hundreds of thousands of people have been affected. Anybody who has received a package via Bizongo or placed an order with the company is at risk from this data breach. So if you belong to either of the two groups, beware!
According to Website Planet, they had informed Bizongo about the data in December 2020, but it seems that the customer data was left unsecured on the AWS S3 bucket, leaving user data vulnerable to potentially malicious parties. Exposure of this kind can allow attackers to target specific victims, commit fraud using their data, and steal their identities, and it can also enable business espionage.
This may impact Bizongo heavily, leading to loss of business and credibility and a fall in reputation.
In a blog post, Website Planet wrote, “With clear examples of branded shipping labels and customer receipts, finding the owner of the breached database was reasonably straightforward. All of the exposed data was identified as accurate, with the data belonging to real individuals.”
In response to this finding, Bizongo told us, “We had an accidental mis-configuration that led to certain S3 buckets being accessible. We have addressed and closed the same within a few hours of receiving the notification from AWS. There is no risk or impact on consumers’ data. We are a B2B company and we do not hold any customer details of our clients. Website Planet, a security blog, has reported to have had access to our S3 buckets when it was open. They have indicated that their goal is only to secure access to customers’ data and are working with us to help resolve the issue.”
A data breach sounds frightening, does it not? You should take precautions to safeguard your data and make sure your databases are safe and secure, and always be wary when dealing with unknown parties over email or the phone, especially when they ask an excessive number of questions regarding your business operations or ask you to click on a link or download a file – in which case, refuse until you are sure of its legitimacy.