Bizongo data leaked details of a customer for online purchases

User 😔 details leak online why? 

Facebook, Linkedin, Clubhouse, and today Bizongo 

The security team at web development company Website Planet reportedly discovered a misconfigured Amazon Web Services (AWS) S3 bucket owned by Bizongo in late December.

According to security researchers, the Bizongo business-to-business platform, used for supply chain automation, exposed 2.5 million files containing customer data. The public data reportedly included the names, addresses, and phone numbers of several customers who obtained orders through the Mumbai company. In some cases, investigators found that the invoices contained purchase details and financial information for Bizongo customers. 

The company’s customers using B2B supply chain and supplier management solutions include Amazon, Flipkart, Myntra, Swiggy, and Zomato. Apparently, the security team at web development company Website Planet discovered a misconfigured Amazon Web Services (AWS) S3 bucket owned by Bizongo. That was the data breach in late December. The warehouse contains two different types of files: customer invoices and shipping labels. According to the researchers, a total of 2,532,610 files were leaked due to configuration errors, a total of 643 GB of data. 

The billing and shipping address, as well as the phone number of the customer who makes the shipment through Bizongo. According to the researchers, the financial details of some clients and business clients are also part of the misconfiguration. Bizongo was informed of the leaked data by the Website Planet team on December 30. Despite this, the company did not provide any response. Incorrect server configuration was found to be fixed on Jan 8. 

In March, Widget 360 contacted Aniket Deb, co-founder, and CEO of Bizongo, to learn of the data breach reported by researchers at the Planet website. However, the executives did not return until the story was released. “With a clear example of branded shipping labels and customer receipts, finding the owner of the compromised database is pretty simple. 

The Planet website wrote in a blog post that all public data has been determined to be accurate. and that the data belongs to real people. Widget 360 cannot independently verify the accuracy of the details disclosed. It is not clear if the exposed data was accessed by any villain before the problem is resolved. 

Detailed information on the website from Bizongo shows that there are more than 70 e-commerce companies cooperating with B2B More than 50 platforms for food and beverage companies. 

Amazon, Firstcry, Flipkart, Myntra, Swiggy and Zomato are among the companies using their solutions, which can meet the needs of art management, distribution, inventory management, and packaging procurement.

Leave a Comment

Your email address will not be published.