Indian supply-chain giant Bizongo exposed 643GB of sensitive data

Indian supply-chain giant Bizongo exposed 643GB of sensitive data

Bizongo did not respond to the researchers when contacted about the data leak.

Bizongo, an online packaging marketplace has suffered a data leak in which the company left highly sensitive customer information unsecured and potentially exposed to hackers and other malicious individuals. The reason behind the incident is the company’s misconfigured AWS S3 data bucket.

The data leak was discovered by researchers at Website Planet security as of late December 2020, but the details of it have also been shared now. According to researchers, they immediately contacted Bizongo regarding the incident but received no response.

What and how much data was exposed?

However, on 8th January 2021, the team checked the bucket again and the breach was found to be closed. During this time period, approximately 2,532,610 files were exposed, equating to 643GB of data. 

It is worth noting that Bizongo exposed its AWS S3 data bucket to the public allowing anyone to access the treasure trove of data without any password or even the simplest form of security authentication.

According to Website Planet’s report, the exposed bucket included PII and payment data of Bizongo’s Bizongo. These included the following:

Full names
Phone numbers
Billing addresses
Delivery Addresses
Shipping and tracking numbers
Billing details with clients’ financial details

Sample files in the data leak

Image: Website Planet

How big exactly is Bizongo?

Bizongo is an online packaging marketplace with a vast network of over 400 clients spanning a multitu ..