Massive data leak just exposed the personal info of 6 million shoppers — how to stay safe
Leak affects thousands of online retailers across 38 countries

A major e-commerce company, VTEX, has been leaking the personally identifiable information and sensitive data of more than 6 million people for more than half a year, according to an investigation from Cybernews. This is particularly concerning with a major shopping event like Amazon Prime Big Day Deals going on, as there will likely be even more scams, phishing attacks and fraud attempts.
Cybernews first reported the leak more than six months ago, but the company did not respond when the publication attempted to contact VTEX. Nor did the e-commerce firm secure the database, which allowed the information to remain exposed online.
In February of this year, Cybernews researchers found that VTEX had unknowingly uploaded a very large amount of its users' data to the open internet. This occurred because of an unauthenticated container, which is basically human error that caused a cloud storage environment to be misconfigured or left open without a password. Private data was then visible and accessible to anyone online who searched for it.
Personal and sensitive information such as email addresses, physical addresses, phone numbers, purchase history and order details was leaked for more than 6 million customers. The data is contained in Parquet-formatted files; Parquet is a data storage format used to organize large datasets for company analytics or for organizing customer data.
In response, Cybernews posted their findings and contacted the Brazilian CERT in order to attempt to rectify the situation and secure the data. As the news outlet points out, though, this is particularly important during a huge sales event like Amazon's Prime Big Day Deals as more people are shopping online than usual.
VTEX powers 3,500 online stores and is used by major brands like Walmart, Sony, Samsung and more. It has clients across 38 countries and is responsible for global commerce, so this could have a wide-ranging impact.
How to stay safe after a data breach
One of the main risks after a data breach is phishing attacks, which may look like they come from a legitimate retailer or website. Stay alert for emails or texts about a delivery issue that appear to come from a VTEX-affiliated site or any site you've shopped at previously. Likewise, you may see phishing emails which claim there is an order confirmation for something you didn’t buy.
If you haven't already invested in one of the best identity theft protection services, it's best to do so before it's too late. Those who have identity theft protection in place will be able to receive alerts for any suspicious behavior and will have experts on-hand should any of their data be misused.
As always, we recommend that you be on high alert for phishing attempts – specifically look out for any emails that sound urgent and want you to “act now” to fix an issue, to provide additional personal or financial details, or need you to correct an account problem. It's also important to stay vigilant against social engineering attacks and to monitor your accounts for suspicious activity. The best way to stay safe against phishing is to avoid clicking on any links, QR codes or attachments in emails or messages from unknown senders.
From there, you'll want to make sure you're protected from online scams and hacks by using one of the best antivirus software solutions on all your devices, and when you're online, use their built-in protections like a VPN or a hardened browser to help keep you and your devices safe from malware and other online threats.

Amber Bouman is the senior security editor at Tom's Guide where she writes about antivirus software, home security, identity theft and more. She has long had an interest in personal security, both online and off, and also has an appreciation for martial arts and edged weapons. With over two decades of experience working in tech journalism, Amber has written for a number of publications including PC World, Maximum PC, Tech Hive, and Engadget covering everything from smartphones to smart breast pumps.