Bizongo, the business-to-business platform for supply chain automation, reportedly exposed 2.5 million files carrying customer data, according to security researchers. The exposed data is said to have included names, addresses, and phone numbers of various customers who were getting orders via the Mumbai-based company. In some cases, the researchers found bills containing purchase details and financial information of Bizongo clients. The company has Amazon, Flipkart, Myntra, Swiggy, and Zomato among the clients using its B2B supply chain and vendor management solutions.
The security team at Web development firm Website Planet allegedly discovered a misconfigured Amazon Web Services (AWS) S3 bucket owned by Bizongo that was leaking data in late December. The bucket included two different file types — customer bills and shipping labels.
According to the researchers, there were a total of 2,532,610 files that were exposed due to the misconfiguration — amounting 643GB of data.
The exposed data is said to include the names, billing and delivery addresses, and phone numbers of customers getting deliveries via Bizongo. Financial details of some customers and business clients were also a part of the misconfigured bucket, as per the researchers.
Bizongo was informed about the leaking data by the Website Planet team on December 30. The company did not provide a response regarding the issue, though the server misconfiguration was found fixed on January 8.
In March, Gadgets 360 reached out to Bizongo co-founder and CEO Aniket Deb to understand the data breach that was informed by the Website Planet researchers. The executive, however, didn’t get back until the time of publishing this story.
“With clear examples of branded shipping labels and customer receipts, finding the owner of the breached database was reasonably straightforward. All of the exposed data was identified as accurate, with the data belonging to real individuals,” the Website Planet wrote in a blog post.
Gadgets 360 wasn’t able to independently verify the accuracy of the exposed details. It is also unclear whether the exposed data was accessed by a bad actor until the issue got fixed.
The details available on the Bizongo website show that there are more than 70 e-commerce companies and over 50 food and beverage companies that work with the B2B platform. Amazon, Firstcry, Flipkart, Myntra, Swiggy, and Zomato are among the companies using its solutions that cater to areas such as artwork management, distribution, inventory management, and packaging sourcing.
Founded in 2015, Bizongo is backed by investors including Schroder Adveq, Accel, B Capital, Chiratae Ventures, and IFC. It reportedly raised $9.3 million (roughly Rs. 70.11 crores) in January.