A severe data breach has exposed 14 million private shipping records from the company Hipshipper, including their customer’s personal details.

Since Hipshipper lends its services to major online retailers, including eBay and Amazon, a large data breach can have rippling consequences, such as exposing customers to phishing scams and malware attacks.

Researchers with Cybernews first discovered the open instance in December during the company’s busiest period. The instance was open for anyone to view, including researchers and threat actors. The leaked data contained very sensitive personal data from customers, including full names, addresses, phone numbers, and order details.

“Cybercriminals can exploit leaked data to orchestrate advanced scams and phishing attacks. For example, crooks may impersonate trusted businesses and distribute fraudulent messages that leverage specific order details to demand urgent verification of personal or financial information,” researchers said.

They explained that hackers use everything they can learn about you from data breaches to personalize their phishing attacks.

“Revealing personal details may even pose risks to physical safety,” researchers said. “Criminals could use this information for stalking, harassment, or planning burglaries. Furthermore, attackers may compile and use leaked data for financial or personal gain, often subjecting victims to harassment, reputational damage, or other harmful actions.”

Data breaches also have direct impacts on a company’s partners. In this case, Hipshipper works alongside Amazon and eBay, so a data breach could impact either of those companies’ bottom lines.

Fortunately, there is no evidence that criminals have already used the open instance to steal data. That doesn’t mean that none have, however. It’s common for threat actors to employ far-reaching bots that automatically scrape data from wherever they can find it. Because of this, governments have created strict regulations for data management.