Home / Technology / Hackers Exploit Shipping Giant's Weak Security
Hackers Exploit Shipping Giant's Weak Security
14 Jan
Summary
- Security researchers found critical vulnerabilities in Bluspark's shipping platform.
- Plaintext passwords and remote access flaws exposed decades of customer data.
- Researchers struggled to contact Bluspark, leading to delayed vulnerability fixes.
For the past year, security experts have warned the shipping industry about escalating cyber threats. Now, simple vulnerabilities in Bluspark Global's Bluvoyix platform, used by numerous major companies, have been exposed. These flaws, discovered in October, included plaintext passwords and remote access to sensitive shipping data, potentially dating back decades. Researchers faced difficulties notifying Bluspark, underscoring a systemic problem in the industry for reporting security weaknesses.
Security researcher Eaton Zveare uncovered five critical flaws, including the ability to create new administrator accounts without authentication. Despite attempts to contact Bluspark through various channels, including the Maritime Hacking Village, a response was not immediate. The situation escalated after Zveare alerted TechCrunch, which then directly contacted Bluspark's CEO and a customer, eventually prompting a response from the company's legal representatives.
Bluspark confirmed on January 14, 2026, that most identified flaws have been remediated and they are undergoing a third-party assessment. The company stated there is no indication of customer impact or malicious activity due to the vulnerabilities. Bluspark also plans to implement a formal bug disclosure program.
