{"id":48514,"date":"2022-09-20T00:00:00","date_gmt":"2022-09-20T00:00:00","guid":{"rendered":"urn:uuid:a5f823a9-cf43-7294-9d09-c5adbfbd6fdf"},"modified":"2022-09-20T00:00:00","modified_gmt":"2022-09-20T00:00:00","slug":"security-risks-in-logistics-apis-used-by-e-commerce-platforms","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/security-risks-in-logistics-apis-used-by-e-commerce-platforms\/","title":{"rendered":"Security Risks in Logistics APIs Used by E-Commerce Platforms"},"content":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/thumbnails\/logistics_thumb_641by350.png\"> <body class=\"articlepage page basicpage context-business\" id=\"readabilityBody\" readability=\"50.779742903977\"> <\/p>\n<div class=\"root responsivegrid\">\n<div class=\"aem-Grid aem-Grid--12 aem-Grid--default--12 \">\n<div class=\"articleBodyNoHero aem-GridColumn aem-GridColumn--default--12\">\n<div class=\"research-layout article container\" role=\"contentinfo\">\n<article class=\"research-layout--wrapper row\" data-article-pageid=\"1748286514\">\n<div class=\"col-xs-12 col-md-12 one-column\">\n<div class=\"col-xs-12 col-md-12\" readability=\"11.782696177062\">\n<div class=\"article-details\" role=\"heading\" readability=\"43.203219315895\"> <span class=\"article-details__bar\" 
role=\"img\"><\/span> <\/p>\n<p class=\"article-details__description\">Our research examines the security flaws that we found in the logistics API implementation of e-commerce platforms that can potentially expose the consumers\u2019 personal information. We discuss the security risks that such flaws present for software engineers, e-commerce platform providers, and consumers. <\/p>\n<p class=\"article-details__author-by\">By: Ryan Flores, Charles Perine, Lord Alfred Remorin, Roel Reyes <time class=\"article-details__date\">September 20, 2022<\/time> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<hr class=\"research-layout-divider\"> <main class=\"main--content col-xs-12 col-md-8 col-md-push-2\"> <\/p>\n<div class=\"richText\" readability=\"44.755491881566\">\n<div readability=\"37.137535816619\">\n<p>The connectivity that we\u2019ve experienced of late has improved at an unprecedented speed and scale largely because application programming interfaces (APIs) enable the seamless integration of different systems from different entities. APIs integrate data and services between businesses and third-party vendors to address various market needs, enhance the provision of services, and obtain consumer insights, thus driving the significant growth of e-commerce in recent years.<\/p>\n<p>If API integration is improperly implemented, the risk of leaking personally identifiable information (PII) could arise. API communication in the many verticals that use it should be sufficiently secured, especially when sensitive data is being transmitted. Otherwise, inadvertent PII leakage can lead to serious consequences not only for organizations that fail to fulfill their legal or compliance obligations but also for consumers whose PII is exposed. 
Our research paper, <a href=\"https:\/\/documents.trendmicro.com\/assets\/white_papers\/wp-examining-the-security-risks-in-logistics-apis-used-by-online-shopping-platforms.pdf\" target=\"_blank\" rel=\"noopener\">\u201cExamining Security Risks in Logistics APIs Used by Online Shopping Platforms,\u201d<\/a> looks more closely at e-commerce and logistics, two markets that have significantly expanded during the pandemic.<\/p>\n<p>The e-commerce segment showed <a href=\"https:\/\/blogs.worldbank.org\/psd\/how-pandemic-induced-boom-e-commerce-can-reshape-financial-services\" target=\"_blank\" rel=\"noopener\">steady growth<\/a> even before the pandemic happened, but Covid-19 gave it a forceful push as everyone tried to work around movement restrictions to comply with government-imposed lockdowns. This resulted in a massive shift to e-commerce platforms to access goods and services, so the surge in demand exerted pressure on online merchants to ensure the timeliness of deliveries.<\/p>\n<p>External logistics providers address the merchants\u2019 logistical needs by managing this aspect of the supply chain process, which is done either partially or through a complete logistics solution. It can be a simple courier service that merchants use to deliver products (a second-party logistics or 2PL), or a third-party logistics (3PL) service comprised of warehousing, fulfillment, and delivery of products. Figure 1 (retrieved <a href=\"https:\/\/www.shopify.com\/enterprise\/third-party-logistics-3pl\">here<\/a>) shows how an external logistics provider works in different use cases.&nbsp;<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <a class=\"bs-modal\" id=\"1a7105\" data-modal-title=\"Figure 1. 
How an external logistics provider functions in different use cases\" href=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/22\/i\/security-risks-in-logistics-apis-used-by-e-commerce-platforms-\/logistics01.jpg\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/22\/i\/security-risks-in-logistics-apis-used-by-e-commerce-platforms-\/logistics01.jpg\" alt=\"Figure 1. How an external logistics provider functions in different use cases\"> <\/a><figcaption>Figure 1. How an external logistics provider functions in different use cases (click on image to enlarge)<\/figcaption><\/figure>\n<\/p><\/div>\n<div>\n<div class=\"richText\" readability=\"47.5\">\n<div readability=\"40\">\n<p>Initially, we investigated 3PL and 4PL providers that were unwittingly exposing PII through unsecure methods. However, as the research progressed, we also discovered that, aside from 3PL and 4PL providers that leave sensitive information exposed, services that were already integrated into their systems also had security vulnerabilities of their own, thus compounding the risks for the entire e-commerce ecosystem. E-commerce platforms allow merchants to integrate existing external logistics providers through APIs to consolidate different services into one platform. API keys and authentication keys that e-commerce platforms and logistics providers share are supposedly meant to facilitate a secure channel for communication.<\/p>\n<p>There are many ways that PII is exposed from logistics API implementation that are related to unsecure coding practices. We discuss some of them in the following section.<\/p>\n<p><b>URL query parameters<\/b><\/p>\n<p>One of the coding practices that inadvertently exposes PII involves URL query parameters in e-commerce platforms and logistics APIs. E-commerce platforms usually require customers to log in to an account or choose a guest checkout option. 
Some online shopping websites use unique URLs that they send to the users through email or SMS which redirects them to the website where the order information can be accessed.<\/p>\n<p>The presumption that the combined use of a unique URL sent to an email address or phone number owned by the recipient sufficiently protects PII is problematic as this engenders a false sense of security. Our study shows that unauthorized parties can still retrieve a customer\u2019s PII by directly accessing a URL without the need for further authentication.<\/p>\n<p><b>Authentication keys in URL parameters<\/b><\/p>\n<p>When consumers place an order in an online store, the store sends them a confirmation email with a URL link and the authentication key on the URL parameter to view the order details. This key is used to verify if the user checking the order page is the recipient of the email. The order page contains information such as the customer\u2019s name, email address, phone number, and payment method.&nbsp;<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/22\/i\/security-risks-in-logistics-apis-used-by-e-commerce-platforms-\/logistics02.png\" alt=\"Figure 2. The customer\u2019s PII is displayed despite the lack of proper authentication.\"><figcaption>Figure 2. The customer\u2019s PII is displayed despite the lack of proper authentication.<\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"34.538189533239\">\n<div readability=\"17.032531824611\">\n<p>The practice of passing authentication keys as part of the URL parameter can leak PII given that such keys can still be retrieved using other means such as accessing the user\u2019s browsing history and router logs. 
The use of unencrypted URL query parameters makes the PII susceptible to <a href=\"https:\/\/owasp.org\/www-community\/vulnerabilities\/Information_exposure_through_query_strings_in_url\" target=\"_blank\" rel=\"noopener\">sniffing and man-in-the-middle attacks<\/a>.<\/p>\n<p><b>Unauthenticated 3PL APIs<\/b><\/p>\n<p>While the basic components of a 3PL service that online retailers use include processing of orders, shipping, and tracking, we also found a 3PL provider\u2019s API (referred to as Company X on Figure 3) disclosing PII through an unauthenticated API service. This API service is being used by four other 3PL providers to display customers\u2019 order information.<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/22\/i\/security-risks-in-logistics-apis-used-by-e-commerce-platforms-\/logistics03.jpg\" alt=\"Figure 3. Four 3PL companies using another 3PL company\u2019s API to retrieve order and tracking information\"><figcaption>Figure 3. Four 3PL companies using another 3PL company\u2019s API to retrieve order and tracking information<\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"33\">\n<div readability=\"11\">\n<p>When we inspected the order information page through the URL link provided by one of the four 3PL providers and checked the HTTP request made to view the order details, we discovered that the page we were viewing was making an HTTP request in the background to another 3PL provider to obtain the order details.&nbsp;<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <a class=\"bs-modal\" id=\"502b74\" data-modal-title=\"Figure 4. 
Data retrieved from an API request shows a full set of customer information\" href=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/22\/i\/security-risks-in-logistics-apis-used-by-e-commerce-platforms-\/logistics04.png\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/22\/i\/security-risks-in-logistics-apis-used-by-e-commerce-platforms-\/logistics04.png\" alt=\"Figure 4. Data retrieved from an API request shows a full set of customer information\"> <\/a><figcaption>Figure 4. Data retrieved from an API request shows a full set of customer information (click on image to enlarge)<\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"37.538194444444\">\n<div readability=\"20.744791666667\">\n<p>We scrutinized the URL parameters of the order information page URL. One of the API requests made in the background used an unauthenticated method to verify API requests, which returned a full set of information about the customer and the purchased items. Therefore, anyone who has access to the order information URL can reconstruct the URL to retrieve a customer\u2019s PII.<\/p>\n<p><b>Sessions and cookies with expiration set beyond the recommended duration<\/b><\/p>\n<p>Another unsecure coding practice, seen at some 3PL providers, is the use of sessions and cookies with improperly set expiration dates. We observed many instances of noncompliance by 3PL providers with the best security practices specific to the use of sessions and cookies to regulate authentication. This method is one of the <a href=\"https:\/\/owasp.org\/www-project-api-security\/\" target=\"_blank\" rel=\"noopener\">best practices<\/a> that the Open Web Application Security Project (OWASP) has recommended, although session time to live (TTL) should always expire as soon as the transaction is completed or right after the user quits the connection. 
Malicious actors can use the detected cookie key to replay transactions and obtain PII, which they can exploit to launch malicious schemes.<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <a class=\"bs-modal\" id=\"7ee130\" data-modal-title=\"Figure 5. The list shows cookies with expiration dates set beyond the OWASP-recommended duration, thus making the cookie information available for malicious actors to replay a transaction.\" href=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/22\/i\/security-risks-in-logistics-apis-used-by-e-commerce-platforms-\/logistics05.png\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/22\/i\/security-risks-in-logistics-apis-used-by-e-commerce-platforms-\/logistics05.png\" alt=\"Figure 5. The list shows cookies with expiration dates set beyond the OWASP-recommended duration, thus making the cookie information available for malicious actors to replay a transaction.\"> <\/a><figcaption>Figure 5. The list shows cookies with expiration dates set beyond the OWASP-recommended duration, thus making the cookie information available for malicious actors to replay a transaction. (click on image to enlarge)<\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"41.512383900929\">\n<div readability=\"28.663312693498\">\n<p>The lure of leaked PII, its potential use for malevolent purposes, and the crucial role that APIs play in e-commerce strongly justify the need for stakeholders to adopt a deliberate approach to ensure the security of logistics API implementation.<\/p>\n<p>The following are some of the recommendations provided in our research paper on how coding practices can be improved.<\/p>\n<p><b>1. Session and cookie expiration<\/b><\/p>\n<p>Session expiration determines when to terminate a session\u2019s authenticated connection to the server. 
By default, it is set to one day or the session is terminated after users cease their connection to the site. The same mechanism applies to cookie expiration. <a href=\"https:\/\/owasp.org\/www-community\/Session_Timeout\">Session timeout<\/a> should be activated once the user is no longer performing any action on the website to prevent expired cookies from being reused.<\/p>\n<p><b>2. Excessive data exposure<\/b><\/p>\n<p>Excessive data exposure happens when data beyond what the transaction requires is exposed. Some developer implementations send all the information of a transaction rather than just what is needed to complete it. This creates a situation in which data is exposed to accounts with access restrictions or limited privileges. Leaked data from logistics APIs can be used for scams or fraud.<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/22\/i\/security-risks-in-logistics-apis-used-by-e-commerce-platforms-\/logistics06.png\" alt=\"Figure 6. Exposing excessive information from an API response \"><figcaption>Figure 6. Exposing excessive information from an API response (click on image to enlarge)<\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"45.48106365834\">\n<div readability=\"36.582594681708\">\n<p>Developers should adopt the <a href=\"https:\/\/github.com\/OWASP\/API-Security\/blob\/master\/2019\/en\/src\/0xa3-excessive-data-exposure.md\">practice<\/a> of discerning essential customer information needed for a transaction and classifying its risk level.<\/p>\n<p><b>3. Broken Object Level Authorization<\/b><\/p>\n<p>Typically implemented at the coding stage, object level authorization is an access control strategy that ensures that only authorized users gain access to objects. 
Object level authorization checks should be implemented in every API endpoint that receives an object&#8217;s ID and performs any type of operation on the object. These checks ensure that the logged-in user has permission to perform the operation on the requested object.<\/p>\n<p>A more secure practice when handling PII is to encrypt the data and require user authentication before granting access. When using 3PL API integration, PII should be adequately protected when sharing it with 3PL-affiliated suppliers. There are many different authentication algorithms that can be used to safeguard API transactions. Tokens such as <a href=\"https:\/\/docs.aws.amazon.com\/apigateway\/latest\/developerguide\/http-api-jwt-authorizer.html\">JSON Web Token<\/a> (JWT) or custom tokens generated using <a href=\"https:\/\/docs.saltproject.io\/en\/latest\/ref\/modules\/all\/salt.modules.hashutil.html\">base64<\/a> encoded with salt are essential to secure API calls.<\/p>\n<p>In sum, developers should bear in mind what data should be given throughout the transaction and what authentication measures should be in place.<\/p>\n<p>Consumers play an equally important role in minimizing the risk of PII exposure. 
The following security practices can help them keep their PII safe:<\/p>\n<ul>\n<li><span class=\"rte-red-bullet\">Properly discard delivery packaging and make sure that the labels with PII are shredded or obfuscated so malicious actors can no longer read them.<\/span><\/li>\n<li><span class=\"rte-red-bullet\">Delete browsing history, especially on public or shared devices.<\/span><\/li>\n<li><span class=\"rte-red-bullet\">Avoid installing unknown browser extensions that can read and collect unencrypted URL query strings.<\/span><\/li>\n<li><span class=\"rte-red-bullet\">Use legitimate virtual private networks (VPNs) when on public Wi-Fi networks to reduce the exposure of personal data.<\/span><\/li>\n<li><span class=\"rte-red-bullet\">Implement two-factor or multi-factor authentication for e-commerce platforms and other sites that require users to input PII.<\/span><\/li>\n<\/ul>\n<p>While business owners do not exercise direct control over the security implementation of the e-commerce platforms and logistics services that they choose, the security flaws we identified need to be tackled early on for their businesses to thrive. 
Therefore, businesses that seek long-term success should take it upon themselves to ensure that API services are consistently and thoroughly audited, and developers of e-commerce platforms and logistics providers adopt industry best practices.<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/article>\n<\/div>\n<\/div><\/div>\n<\/div>\n<p> <\/body> Read More <a href=\"https:\/\/www.trendmicro.com\/en_us\/research\/22\/i\/security-risks-in-logistics-apis-used-by-e-commerce-platforms-.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Our research examines the security flaws that we found in the logistics API implementation of e-commerce platforms that can potentially expose the consumers\u2019 personal information. We discuss the security risks that such flaws present for software engineers, e-commerce platform providers, and consumers. 
Read More HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":48515,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[61],"tags":[9510,9520,9555,10202,9509],"class_list":["post-48514","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-trendmicro","tag-trend-micro-research-articles-news-reports","tag-trend-micro-research-cloud","tag-trend-micro-research-exploitsvulnerabilities","tag-trend-micro-research-medium","tag-trend-micro-research-research"],"yoast_head_json":{"title":"Security Risks in Logistics APIs Used by E-Commerce Platforms 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/security-risks-in-logistics-apis-used-by-e-commerce-platforms\/","og_locale":"en_US","og_type":"article","og_title":"Security Risks in Logistics APIs Used by E-Commerce Platforms 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 
100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/security-risks-in-logistics-apis-used-by-e-commerce-platforms\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2022-09-20T00:00:00+00:00","og_image":[{"url":"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/thumbnails\/logistics_thumb_641by350.png","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"9 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/security-risks-in-logistics-apis-used-by-e-commerce-platforms\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/security-risks-in-logistics-apis-used-by-e-commerce-platforms\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Security Risks in Logistics APIs Used by E-Commerce Platforms","datePublished":"2022-09-20T00:00:00+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/security-risks-in-logistics-apis-used-by-e-commerce-platforms\/"},"wordCount":1737,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/security-risks-in-logistics-apis-used-by-e-commerce-platforms\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2022\/09\/security-risks-in-logistics-apis-used-by-e-commerce-platforms.jpg","keywords":["Trend Micro Research : Articles, News, Reports","Trend Micro Research : Cloud","Trend Micro Research : Exploits&amp;Vulnerabilities","Trend Micro Research : Medium","Trend Micro Research : 
Research"],"articleSection":["TrendMicro"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/security-risks-in-logistics-apis-used-by-e-commerce-platforms\/","url":"https:\/\/www.threatshub.org\/blog\/security-risks-in-logistics-apis-used-by-e-commerce-platforms\/","name":"Security Risks in Logistics APIs Used by E-Commerce Platforms 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/security-risks-in-logistics-apis-used-by-e-commerce-platforms\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/security-risks-in-logistics-apis-used-by-e-commerce-platforms\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2022\/09\/security-risks-in-logistics-apis-used-by-e-commerce-platforms.jpg","datePublished":"2022-09-20T00:00:00+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 
100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/security-risks-in-logistics-apis-used-by-e-commerce-platforms\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/security-risks-in-logistics-apis-used-by-e-commerce-platforms\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/security-risks-in-logistics-apis-used-by-e-commerce-platforms\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2022\/09\/security-risks-in-logistics-apis-used-by-e-commerce-platforms.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2022\/09\/security-risks-in-logistics-apis-used-by-e-commerce-platforms.jpg","width":1123,"height":1525},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/security-risks-in-logistics-apis-used-by-e-commerce-platforms\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Trend Micro Research : Articles, News, Reports","item":"https:\/\/www.threatshub.org\/blog\/tag\/trend-micro-research-articles-news-reports\/"},{"@type":"ListItem","position":3,"name":"Security Risks in Logistics APIs Used by E-Commerce Platforms"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center 
\u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH 
Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/48514","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=48514"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/48514\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/48515"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=48514"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=48514"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=48514"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}