1. Forum
  2. tqwNet
  3. TQW GENTECH

  • Ecommerce giant VTEX leaks details of six million shoppers - here

    From TechnologyDaily@1337:1/100 to All on Wednesday, October 08, 2025 12:45:08
    Ecommerce giant VTEX leaks details of six million shoppers - here's what we know, and how you can find out if you're affected

    Date:
    Wed, 08 Oct 2025 11:32:00 +0000

    Description:
    Large VTEX database found sitting unprotected online, leaking customer
    contact data and spending habits.

    FULL STORY ======================================================================VTEX database exposed six million users due to a misconfigured, unauthenticated cloud container Leaked data includes emails, addresses, phone numbers, and detailed purchase histories Cybernews alerted VTEX and Brazilian CERT after six months of no response from VTEX

    Global ecommerce company VTEX was found leaking sensitive customer data on millions of people, experts have warned.

    The alarm was sounded by cybersecurity researchers at Cybernews , who claimed despite their best efforts, they couldnt reach VTEX and get the company to plug the leak.

    Cybernews said that in late February 2025, its researchers discovered an unprotected database containing a massive chunk of user data. The data leak originated from an unauthenticated container. This is a common misconfiguration caused by human error that leaves the cloud storage environment without a password. It makes private data potentially visible to search engines and accessible to anyone online, the report states. No
    response

    In total, six million people reportedly have their information out in the open, including email addresses, postal addresses, phone numbers, order details, and other purchase histories - more than enough information to
    launch phishing attacks, identity theft , and possibly even wire fraud.

    The information was stored in Parquet format, a columnar data storage type used to organize large datasets that are often part of a wider data analytics system.

    Cybernews tried reaching out to VTEX to get them to lock the database down, but allegedly they never heard back - in more than six months.

    The researchers were then forced to report the findings to the Brazilian
    CERT, as well as to publicly disclose their findings.

    Weve decided to post our findings to help customers stay vigilant ahead of
    the seasonal shopping madness thats about to kick off, Cybernews said, alluding to the fast-approaching Black Friday.

    VTEX is a Brazilian software company offering a cloud commerce platform
    (SaaS) for digital commerce. It operates in 38 countries, powers more than 3,000 online stores, and services major brands such as Coca-Cola, Sony, or Samsung.

    If youve made purchases from any of VTEXs clients in late 2024 and early
    2025, there is a good chance youre affected. You can always run your email address through HaveIBeenPwned? to see if you are exposed, and you can also pay attention to the incoming spam emails to see if any are coming from VTEXs customers - just make sure not to interact with any of the incoming messages.

    Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the
    Follow button!

    And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too. You might also like Massive database containing identity info on 252 million people leaked online - here's what we know Take a look at our guide to the best authenticator app We've rounded up the best password managers



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/ecommerce-giant-vtex-leaks-details-of-s ix-million-shoppers-heres-what-we-know-and-how-you-can-find-out-if-youre-affec ted


    --- Mystic BBS v1.12 A49 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)