This study reveals a widespread privacy risk wherein mainstream e-commerce platforms indiscriminately leak sensitive personal information to third-party entities (e.g., Facebook) even during lightweight user interactions—such as page browsing—enabling cross-site, holistic user profiling. Method: We propose the first semi-automated empirical framework for cross-platform privacy leakage analysis, integrating HTTP traffic monitoring, third-party domain tracking, and behavioral log correlation modeling to enable reproducible, quantitative assessment. Contribution/Results: Empirical evaluation identifies that 30% of sampled e-commerce sites engage in non-compliant data sharing; we precisely identify 12 high-risk third-party recipients; and we provide the first empirical evidence that lightweight interactions across multiple sites suffice to trigger full-dimensional user profile linkage. Our findings deliver verifiable technical evidence and an objective evaluation benchmark to inform regulatory oversight and platform compliance remediation.

In the digital age, e-commerce has transformed the way consumers shop, offering convenience and accessibility. Nevertheless, concerns about the privacy and security of personal information shared on these platforms have risen. In this work, we investigate user privacy violations, noting the risks of data leakage to third-party entities. Utilizing a semi-automated data collection approach, we examine a selection of popular online e-shops, revealing that nearly 30% of them violate user privacy by disclosing personal information to third parties. We unveil how minimal user interaction across multiple e-commerce websites can result in a comprehensive privacy breach. We observe significant data-sharing patterns with platforms like Facebook, which use personal information to build user profiles and link them to social media accounts.