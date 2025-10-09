Data Security, Breach, Privacy

VTEX database exposing customer info remains unsecured

VTEX a global e-commerce platform for over 3,500 online stores, including those of Nestle, Coca-Cola, Sony, Walmart, Mazda, and Samsung has inadvertently leaked the data of six million shoppers, according to Cybernews. Cybernews researchers discovered the exposure at the end of February, after finding an unauthenticated cloud container containing Parquet files with customer details such as email and residential addresses, phone numbers, order details, and purchase histories. Despite repeated contact attempts and the involvement of Brazil's national computer emergency response team, VTEX has not secured the database or issued a statement. Researchers warned that the leaked data could be exploited by threat actors to conduct phishing or fraud campaigns by impersonating well-known retailers. They emphasized that the breach poses significant risks, particularly as the global shopping season approaches. The leak also raises privacy and safety concerns, as the data includes information that could be used for harassment, targeted scams, or stalking.

