**Major US Shipping Platform Left Customer Data Wide Open to Hackers**

A major U.S. shipping platform has been left vulnerable to hackers, exposing customer data and shipment records for months.

The company at the center of this incident is Bluspark Global, a New York-based firm whose Bluvoyix platform is used by hundreds of companies to manage and track freight moving around the world. While Bluspark isn't a household name, its software supports a large slice of global shipping, including major retailers, grocery chains, and manufacturers.

For months, Bluspark's systems reportedly contained basic security flaws that effectively left its shipping platform exposed to anyone on the internet. According to the company, five vulnerabilities were eventually fixed, including the use of plaintext passwords and the ability to remotely access and interact with the Bluvoyix platform. These flaws could have given attackers access to decades of shipment records and customer data.

Bluspark says those issues are now resolved. But the timeline leading up to the fixes raises serious concerns about how long the platform was vulnerable and how difficult it was to alert the company in the first place.

**How a Researcher Uncovered the Flaws**

Security researcher Eaton Zveare discovered the vulnerabilities in October while examining the website of a Bluspark customer. What started as a routine look at a contact form quickly escalated. By viewing the website's source code, Zveare noticed that messages sent through the form passed through Bluspark's servers using an application programming interface (API). From there, things unraveled fast.

The API's documentation was publicly accessible and included a built-in feature that allowed anyone to test commands. Despite claiming authentication was required, the API returned sensitive data without any login at all. Zveare was able to retrieve large amounts of user account information, including employee and customer usernames and passwords stored in plaintext.

Worse, the API allowed the creation of new administrator-level accounts without proper checks. That meant an attacker could grant himself full access to Bluvoyix and view shipment data going back to 2007. Even security tokens designed to limit access could be bypassed entirely.

**Why it Took Weeks to Fix Critical Shipping Security Flaws**

One of the most troubling parts of this story isn't just the vulnerabilities themselves, but how hard it was to get them fixed. Zveare spent weeks trying to contact Bluspark after discovering the flaws, sending emails, voicemails, and even LinkedIn messages without success.

With no clear vulnerability disclosure process in place, Zveare eventually turned to Maritime Hacking Village, which helps researchers notify companies in the shipping and maritime industries. When that failed, he contacted the press as a last resort. Only after that did the company respond, through its legal counsel.

**A Warning for Businesses**

Incidents like this highlight how many companies still lack clear, public ways for researchers to report vulnerabilities responsibly. Do you think companies that quietly power global supply chains are doing enough to protect themselves from cyber threats?

The incident also underscores the importance of robust security measures in the shipping industry, particularly when it comes to protecting customer data and shipment records.

**10 Ways You Can Stay Safe When Cyberattacks Hit Supply Chains**

Hackers can break into a shipping or logistics platform without you ever realizing your data was involved. Here are 10 ways to stay safe:

1. **Watch for delivery-related scams and fake shipping notices**: After supply chain breaches, criminals often send phishing emails or texts pretending to be shipping companies, retailers, or delivery services. 2. **Use a password manager to protect your accounts**: If attackers gain access to customer databases, they often try the same login details on shopping, email, and banking accounts. 3. **Reduce your exposed personal data online**: Personal data removal services can help reduce how much of your information is publicly available, making it harder for criminals to target you with convincing scams. 4. **Run strong antivirus software on your devices**: Strong antivirus software can block malicious links, fake shipping pages, and malware-laced attachments that often follow high-profile breaches. 5. **Enable two-factor authentication wherever possible**: Two-factor authentication makes it much harder for attackers to take over accounts, even if they have your password. 6. **Review your account activity and delivery history**: Check your online shopping accounts for unfamiliar orders, address changes, or saved payment methods you don't recognize. 7. **Place a free credit freeze to stop new fraud**: If your name, email, or address was exposed, consider placing a credit freeze with the major credit bureaus. 8. **Lock down your shipping and retailer accounts**: Review the security settings on major shopping and delivery accounts, including retailers, grocery services, and shipping providers. 9. **Businesses should review third-party logistics access**: Limit administrative permissions, rotate API keys regularly, and confirm vendors have a clear vulnerability disclosure process. 10. **Supply chain security depends on more than just your own systems**: Shipping platforms sit at the intersection of physical goods and digital systems, making them attractive targets for cybercriminals.

**Click Here to Download the FOX News App**

Sign up for my FREE CyberGuy Report Get my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter.

**Stay Informed with My Latest Cybersecurity News**

Got a tech question? Get Kurt's free CyberGuy Newsletter, share your voice, or story idea at CyberGuy.com. Stay up-to-date on the latest cybersecurity news and trends by subscribing to my daily newsletter.