We review vendors based on rigorous testing and research but also take into account your feedback and our affiliate commission with providers. Some providers are owned by our parent company.
Learn more
vpnMentor was established in 2014 as an independent site reviewing VPN services and covering privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on vpnMentor are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize the independent, professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.
Advertising Disclosure

vpnMentor was established in 2014 as an independent site reviewing VPN services and covering privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on vpnMentor are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize the independent, professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.

Over 1 Million Records of Data from Several Israeli Delivery Companies Leaked on Forums

vpnMentor Research Team Cybersecurity and Research Lab

The vpnMentor cybersecurity team recently stumbled upon over 50GB of personal data listed on the clear web. The information belonged to the customers and employees of at least 29 Israeli transportation and forwarding companies, according to the post.

A group of hackers listed the trove of data for sale on two separate online forums on November 26th and 27th, 2022. The exposed data includes people’s contact information and shipment details.

We assume the group potentially breached a single point of failure in a software provider to gain unauthorized access to a supply chain of different logistics companies, exfiltrating a range of personal data and shipping records in the process.This theory would explain the wide range of companies exposed.

According to the posts, visitors could buy a dataset of customer and employee information, taken from one of the leaked companies, for the price of 1BTC (equivalent to around US$17,000 at the time of writing). Interestingly, graphics accompanying each of the hackers’ posts suggested the databases were part of a Black Friday sale.

A graphic referencing Black Friday accompanied the hackers’ postsA graphic referencing Black Friday accompanied the hackers’ posts

The group listed 1.1 million records for sale in total. They only shared a small sample of data in the forum. As such, our researchers could not accurately determine whether each exposed record affects 1 person, or whether more or less than 1.1 million individuals are impacted by this breach. Note that we only analyzed sample files to verify the data in accordance with ethical standards and our data privacy rules.

You can see the posts, featuring lists of the companies affected, in the screenshots below.

The group of hackers also posted screenshots that revealed the type of data exposed in the breach.

Employees’ exposed data included:

  • Full names
  • Addresses*
  • Phone numbers

*We’re uncertain whether exposed employee addresses are home or work addresses.

Customers’ exposed data included:

  • Full names
  • Shipping details (incl. sender’s address, receiver’s address, phone numbers, no. of packages, and more)

You can see evidence of datasets containing customers’ and employees’ information below.

Notably, some Israeli delivery companies suffered cyberattacks in recent days. According to the Israeli government’s cyber bodies, Iranian actors potentially caused these other attacks. However, we don’t know if these other incidents are linked to the data we found online.

Potential Impacts

Criminals could use shipping records to intercept valuable packages, and threaten, trick, or blackmail courier employees into handing them over. Cybercriminals could also use personal details like full names, addresses, and contact information to target people with phishing attacks and scams.

What Should You Do if You Think You’re Affected?

You may want to take some steps to protect yourself if you’ve used one of the compromised logistics services, or you fear that your data has been leaked.

You should ignore any suspicious SMS messages and calls and avoid providing personal information over the phone. Only give out your personal data to a trusted source for a legitimate reason. To avoid falling victim to attacks, educate yourself about phishing attacks, scams, malware, and other forms of cybercrime.

What Are Unethical Hackers Sharing Online and Why Should You Care?

Although data breaches in Telegram groups and darknet forums have become familiar occurrences, it's worth noting that hackers also operate in plain sight. Communicating through the clearnet, they exchange information, coordinate cyberattacks, and discuss data breaches.

Hackers use anonymous forums and text channels to post about cyberattacks and data breaches, often long before the incidents are publicly known. Our cybersecurity researchers scour these online spaces to find out about the latest data leaks. By reporting on them, we’re able to inform potentially affected parties earlier so that they can act quickly to protect their data.

We review vendors based on rigorous testing and research but also take into account your feedback and our affiliate commission with providers. Some providers are owned by our parent company.
Learn more
vpnMentor was established in 2014 as an independent site reviewing VPN services and covering privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on vpnMentor are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize the independent, professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.

About the Author

vpnMentor Research Lab is a pro bono service that strives to help the online community defend itself against cyber threats while educating organizations on protecting their users’ data.
Our ethical security research team has discovered and disclosed some of the most impactful data breaches in recent years.

Did you like this article? Rate it!
I hated it! I don't really like it It was ok Pretty good! Loved it!
out of 10 - Voted by users
Thank you for your feedback