Data Leak — B2B eCommerce Platform Bizongo

What we know so far about the Bizongo.com data breach

Ned Poplaski (CISSP)
1 min readApr 24, 2021
From the bizongo.com site

A quick look at yet another data leak from an online eCommerce site — Bizongo.com . The news is still unfolding — So this post will be updated in the coming days.

  • Who : Bizongo.com ( a B2B supply chain automation platform ) — registered as Smartpaddle Technology Pvt. Ltd., located in India. Has big Retail eCommerce clients like Flipkart, Amazon, Swiggy, Zomato etc as clients.
  • How big : 2.5 million files carrying customer data ( names, phone numbers, billing and delivery address of customers ) 643GB of data.
  • When did it happen : As early as December 2020
  • What was the exploit : Leak happened through a mis-configured AWS S3 bucket owned by Bizongo.
  • Implications : Definitely a credibility loss and should result in an internal enquiry about the efficacy of their Cyber Security team ( or the lack of )

Links

Bizongo Data Leak Exposed Details of Customers Making Online Purchases: Researchers

--

--

Ned Poplaski (CISSP)

I share news and Lessons to make possible a safer cyber experience. cyber security educator. ex-McAfee, Consultant snyk.io,sonatype.