Skip to main content
https://www.highperformancecpmgate.com/rgeesizw1?key=a9d7b2ab045c91688419e8e18a006621

Vistaprint left a customer service database unprotected, exposing calls, chats and emails

A security researcher has found an exposed database on the internet belonging to online printing giant Vistaprint.

Security researcher Oliver Hough discovered the unencrypted database last week. There was no password on the database, allowing anyone to access the data inside. The database was first detected by exposed device and database search engine Shodan on November 5, but it may have been exposed for longer.

Hough tweeted to warn the company of the security lapse, but has not heard back.

Vistaprint, owned by Netherlands-based parent Cimpress, quietly took the database offline after TechCrunch reached out but did not comment by our deadline. Robert Crosland, a spokesperson for Vistaprint, said in a statement after we published that the exposure affected customers in the U.S., the U.K. and Ireland.

“This is unacceptable and should not have happened under any circumstances,” the company said. “We’re currently carrying out a full investigation to understand what happened and how to prevent any future recurrence. At this time, we do not know whether this data has been accessed beyond the security researcher who found it,” the spokesperson said.

The company said it will inform customers of the exposure — many of whom are protected under the strict GDPR data protection rules.

The database contained five tables stored with data on more than 51,000 customer service interactions, such as calls to customer service or chats with an online support agent. The data also included personally identifiable information, including names and contact information, which could identify individual customers.

One table named “cases” contained incoming customer queries, including the customer’s name, email address, phone number, and the date and time of their interaction with customer service. Many of those customer service interactions were as recent as mid-September.

The data also contained information hidden from the customer. Each customer service interaction in the “cases” table appeared to have graded the customer’s query based off keywords picked from their query. That helped to determine the customer’s “sentiment”, which then described their complaint as either “negative” or “neutral”. The data also included the “priority” of a customer’s interaction, allowing it to be pushed higher in the queue.

Another table named “chat” contained thousands of customers’ line-by-line online chat interactions with support agents, but also contained information about the customer’s browser and network connection, where they were located, and what operating system they used, and their internet provider.

Some of the recorded chat logs also contained sensitive information like order numbers and postal tracking numbers, but there were no passwords or financial data in the exposed database.

The “emails” table contained entire email threads with customers detailing problems or other issues with their orders. And, the “phone” table contained specific information about each call, including the date and time, how long the customer was kept on hold, a written transcript of the call — often including details of the customer’s orders — and an internal link (which we could not access) to the recording of the call.

The data also contained some account information, including work email addresses and some phone numbers belonging to Vistaprint customer service staff.

According to Hough, the database was not currently sending or receiving data. The database was named “migration,” suggesting the database was used to temporarily store data while it was moved customer records from one server to another.

But it’s not clear why the database was exposed and left online without a password.

It’s the latest example of a security lapse involving lax internal data controls. This year alone, several data exposures have put millions of customers at risk, including online game ‘Magic: The Gathering”, a popular online ‘camgirl’ site, as well as job searching site Monster.com and IT giant Tech Data.

Updated with a statement from Vistaprint.

Related stories:

Comments

Popular posts from this blog

Uber co-founder Garrett Camp steps back from board director role

Uber co-founder Garrett Camp is relinquishing his role as a board director and switching to board observer — where he says he’ll focus on product strategy for the ride hailing giant. Camp made the announcement in a short Medium post in which he writes of his decade at Uber: “I’ve learned a lot, and realized that I’m most helpful when focused on product strategy & design, and this is where I’d like to focus going forward.” “I will continue to work with Dara [Khosrowshahi, Uber CEO] and the product and technology leadership teams to brainstorm new ideas, iterate on plans and designs, and continue to innovate at scale,” he adds. “We have a strong and diverse team in place, and I’m confident everyone will navigate well during these turbulent times.” The Canadian billionaire entrepreneur signs off by saying he’s looking forward to helping Uber “brainstorm the next big idea”. Camp hasn’t been short of ideas over his career in tech. He’s the co-founder of the web 2.0 recommendatio...

Leading VCs discuss how COVID-19 has impacted the world of digital health

In December 2019, Extra Crunch spoke to a group of investors leading the charge in health tech to discuss where they saw the most opportunity in the space leading into 2020 . At the time, respondents highlighted startups in digital therapeutics, telehealth and mental health that were improving medical practitioner efficiency or streamlining the distribution of care, amongst a variety of other digital health markets that were garnering the most attention. Where top VCs are investing in digital health In the months since, the COVID-19 crisis has debilitated national healthcare systems and the global economy. Weaknesses in healthcare systems have become clearer than ever, while startups and capital providers have struggled to operate while wide swaths of the market effectively shut down. Given significant volatility and the rapid changes seen in the worlds of healthcare, venture and startups broadly, we wanted to understand which inefficiencies might have been brought to light, w...

News-reading app Flipboard expands local coverage, including coronavirus updates, to 12 more U.S. metros

Earlier this year, personalized news aggregation app Flipboard expanded into local news . The feature brought local news, sports, real estate, weather, transportation news and more to 23 cities across the U.S. Today, Flipboard is bringing local news to 12 more U.S. metros and is adding critical coronavirus local coverage to all of the 35 supported locales. The 12 new metros include the following:  Baltimore, Charlotte, Cleveland, Detroit, Indianapolis, Nashville, Pittsburgh, Orlando, Raleigh, Salt Lake City, St. Louis, and Tampa Bay. They join the 23 cities that were already supported:  Atlanta, Austin, Boston, Chicago, Dallas, Denver, Houston, Las Vegas, Los Angeles, Miami, Minneapolis-St. Paul, New Orleans, New York City, Philadelphia, Phoenix, Portland, Sacramento, San Diego, San Francisco Bay Area, Seattle, Toronto, Vancouver and Washington, D.C. To offer local news in its app, Flipboard works with area partners, big and small, like The Plain Dealer’s Cleveland.com , ...