Skip to main content

Vistaprint left a customer service database unprotected, exposing calls, chats and emails

A security researcher has found an exposed database on the internet belonging to online printing giant Vistaprint.

Security researcher Oliver Hough discovered the unencrypted database last week. There was no password on the database, allowing anyone to access the data inside. The database was first detected by exposed device and database search engine Shodan on November 5, but it may have been exposed for longer.

Hough tweeted to warn the company of the security lapse, but has not heard back.

Vistaprint, owned by Netherlands-based parent Cimpress, quietly took the database offline after TechCrunch reached out but did not comment by our deadline. Robert Crosland, a spokesperson for Vistaprint, said in a statement after we published that the exposure affected customers in the U.S., the U.K. and Ireland.

“This is unacceptable and should not have happened under any circumstances,” the company said. “We’re currently carrying out a full investigation to understand what happened and how to prevent any future recurrence. At this time, we do not know whether this data has been accessed beyond the security researcher who found it,” the spokesperson said.

The company said it will inform customers of the exposure — many of whom are protected under the strict GDPR data protection rules.

The database contained five tables stored with data on more than 51,000 customer service interactions, such as calls to customer service or chats with an online support agent. The data also included personally identifiable information, including names and contact information, which could identify individual customers.

One table named “cases” contained incoming customer queries, including the customer’s name, email address, phone number, and the date and time of their interaction with customer service. Many of those customer service interactions were as recent as mid-September.

The data also contained information hidden from the customer. Each customer service interaction in the “cases” table appeared to have graded the customer’s query based off keywords picked from their query. That helped to determine the customer’s “sentiment”, which then described their complaint as either “negative” or “neutral”. The data also included the “priority” of a customer’s interaction, allowing it to be pushed higher in the queue.

Another table named “chat” contained thousands of customers’ line-by-line online chat interactions with support agents, but also contained information about the customer’s browser and network connection, where they were located, and what operating system they used, and their internet provider.

Some of the recorded chat logs also contained sensitive information like order numbers and postal tracking numbers, but there were no passwords or financial data in the exposed database.

The “emails” table contained entire email threads with customers detailing problems or other issues with their orders. And, the “phone” table contained specific information about each call, including the date and time, how long the customer was kept on hold, a written transcript of the call — often including details of the customer’s orders — and an internal link (which we could not access) to the recording of the call.

The data also contained some account information, including work email addresses and some phone numbers belonging to Vistaprint customer service staff.

According to Hough, the database was not currently sending or receiving data. The database was named “migration,” suggesting the database was used to temporarily store data while it was moved customer records from one server to another.

But it’s not clear why the database was exposed and left online without a password.

It’s the latest example of a security lapse involving lax internal data controls. This year alone, several data exposures have put millions of customers at risk, including online game ‘Magic: The Gathering”, a popular online ‘camgirl’ site, as well as job searching site Monster.com and IT giant Tech Data.

Updated with a statement from Vistaprint.

Related stories:



from TechCrunch https://ift.tt/37BzvZP
via IFTTT
Labels:

Comments

Post a Comment

Popular posts from this blog

The Silent Revolution of On-Device AI: Why the Cloud Is No Longer King

Introduction For years, artificial intelligence has meant one thing: the cloud. Whether you’re asking ChatGPT a question, editing a photo with AI tools, or getting recommendations on Netflix — those decisions happen on distant servers, not your device. But that’s changing. Thanks to major advances in silicon, model compression, and memory architecture, AI is quietly migrating from giant data centres to the palm of your hand. Your phone, your laptop, your smartwatch — all are becoming AI engines in their own right. It’s a shift that redefines not just how AI works, but who controls it, how private it is, and what it can do for you. This article explores the rise of on-device AI — how it works, why it matters, and why the cloud’s days as the centre of the AI universe might be numbered. What Is On-Device AI? On-device AI refers to machine learning models that run locally on your smartphone, tablet, laptop, or edge device — without needing constant access to the cloud. In practi...
1 comment
Read more

Apple’s AI Push: Everything We Know About Apple Intelligence So Far

Apple’s WWDC 2025 confirmed what many suspected: Apple is finally making a serious leap into artificial intelligence. Dubbed “Apple Intelligence,” the suite of AI-powered tools, enhancements, and integrations marks the company’s biggest software evolution in a decade. But unlike competitors racing to plug AI into everything, Apple is taking a slower, more deliberate approach — one rooted in privacy, on-device processing, and ecosystem synergy. If you’re wondering what Apple Intelligence actually is, how it works, and what it means for your iPhone, iPad, or Mac, you’re in the right place. This article breaks it all down.   What Is Apple Intelligence? Let’s get the terminology clear first. Apple Intelligence isn’t a product — it’s a platform. It’s not just a chatbot. It’s a system-wide integration of generative AI, machine learning, and personal context awareness, embedded across Apple’s OS platforms. Think of it as a foundational AI layer stitched into iOS 18, iPadOS 18, and m...
Post a Comment
Read more

Max Q: Anomalous

Hello and welcome back to Max Q! Last week wasn’t the most successful for spaceflight missions. We’ll get into that a bit more below. In this issue: First up, a botched launch from Virgin Orbit… …followed by one from ABL Space Systems News from Rocket Lab, World View and more Virgin Orbit’s botched launch highlights shaky financial future After Virgin Orbit’s launch failure last Monday, during which the mission experienced an  “anomaly” that prevented the rocket from reaching orbit, I went back over the company’s financials — and things aren’t looking good. For Virgin Orbit, this year has likely been completely turned on its head. The company was aiming for three launches this year, but everything will remain grounded until the cause of the anomaly has been identified and resolved. It’s unclear how long that will take, but likely at least three months. Add this delay to Virgin’s dwindling cash reserves and you have a foundation that’s suddenly much shakier than before. ...
Post a Comment
Read more