Massive data leak just exposed the personal info of 6 million shoppers — how to stay safe

Editor's note: We received a statement from VTEXT to clarify details within this article and have updated this article with quotes from the company's official statement as well as additional details to reflect the most updated information possible.

A major e-commerce company, VTEX, has been affected by a data leak that involves the personally identifiable information and sensitive data of more than 6 million people for more than half a year, according to an investigation from Cybernews. This is particularly concerning with a major shopping event like Amazon Prime Big Day Deals going on, as there will likely be even more scams, phishing attacks and fraud attempts.

Cybernews first noticed the incident more than six months ago, but the company had no response when the publication attempted to contact VTEK. In it's official statement, the company has stated that the leak did not involved VTEX systems directly but those of a third-party company which then "confirmed the leak in their internal system and ...implemented corrective measures." In their original story Cybernews reported that the database remained exposed online after it had alerted the company of the leak.

In February of this year, Cybernews researchers said they found that VTEX had unknowingly uploaded a very large amount of their users data to the open internet. This occurred because of an unauthenticated container — basically, human error which caused a cloud storage environment to be misconfigured or left open without a password. Private data was then visible and accessible to anyone online who searched for it.

VTEX has stated their investigation has confirmed that VTEX "infrastructure and systems remain secure," and that there "were no anomalies in VTEX environments." It has assured customers that "your data was not affected by this reported leak."

Personal and sensitive information like email addresses, physical addresses, phone numbers, purchase history and order details were leaked for more than 6 million customers. The data is contained in Parquet-formatted files, which is a data storage format used to organize large datasets for company analytics or for organizing customer data.

In response, Cybernews posted their findings and contacted the Brazilian CERT in order to attempt to rectify the situation and secure the data. As the news outlet points out, though, this is particularly important during a huge sales event like Amazon's Prime Big Day Deals as more people are shopping online than usual.

VTEX powers 3,500 online stores and is used by major brands like Walmart, Sony, Samsung and more. They have clients across 38 countries, and are responsible for global commerce so this could have a wide ranging impact.

How to stay safe after a data breach

One of the main risks after a data breach is phishing attacks, which may look like they come from a legitimate retailer or website. So one of the things to stay on alert for is emails or texts that appear like they come from a VTEX-affiliated site or any site you've shopped at previously in regard to a delivery issue. Likewise, you may see phishing emails which claim there is an order confirmation for something you didn’t buy.

If you haven't already invested in one of the best identity theft protection services, it's best to do so before it's too late. Those who have identity theft protection in place will be able to receive alerts for any suspicious behavior and will have experts on-hand should any of their data be misused.

As always, we recommend you to be on high alert for phishing attempts – specifically look out for any emails that sound urgent and want you to “act now” to fix an issue, to provide additional personal or financial details, or need you to correct an account problem. It's also important to stay vigilant against social engineering attacks and to monitor your accounts for suspicious activity. The best way to stay safe against phishing is to avoid clicking on any links, QR codes or attachments in emails or messages from unknown senders.

From there, you'll want to make sure you're protected from online scams and hacks by using one of the best antivirus software solutions on all your devices, and when you're online, use their built-in protections like a VPN or a hardened browser to help keep you and your devices safe from malware and other online threats.

Follow Tom's Guide on Google News to get our up-to-date news, how-tos, and reviews in your feeds. Make sure to click the Follow button.

More from Tom's Guide

• These are the best Amazon Prime Day antivirus deals on packages for five devices (or more)
• Unity just patched a serious security flaw - update your games and apps now
• Discord users suffer the first high-profile age-verification hack – and it's unlikely to be the last