- VTEX database exposed six million users due to a misconfigured, unauthenticated cloud container
- The leaked data includes emails, addresses, phone numbers and detailed purchase histories
- Cybernews alerted VTEX and, after six months without a response from the company, the Brazilian CERT
Global e-commerce company VTEX was found to be leaking sensitive customer data on millions of people, experts have warned.
The alarm was raised by cybersecurity researchers at Cybernews, who stated that, despite their best efforts, they were unable to contact VTEX and get the company to plug the leak.
Cybernews said that in late February 2025, its researchers discovered an unprotected database containing a “large portion” of user data. “The data breach originated from an unauthenticated container. This is a common configuration error caused by human error that leaves the cloud storage environment passwordless. It makes private data potentially visible to search engines and accessible to anyone online,” the report states.
Unanswered
In total, six million people reportedly have their information on display, including email addresses, mailing addresses, phone numbers, order details, and other purchase histories—more than enough information to launch phishing attacks, identity theft, and possibly even wire fraud.
The information was stored in Parquet format, a type of columnar data storage used to organize large data sets that are often part of a larger data analysis system.
Cybernews tried to contact VTEX to have access to the database blocked, but reportedly never received a response in more than six months.
The researchers were then forced to report the findings to the Brazilian CERT, as well as reveal them publicly.
“We have decided to publish our findings to help customers stay alert ahead of the seasonal shopping madness that is about to begin,” Cybernews said, alluding to the rapidly approaching Black Friday.
VTEX is a Brazilian software company that offers a cloud trading platform (SaaS) for digital commerce. It operates in 38 countries, powers more than 3,000 online stores and provides services to major brands such as Coca-Cola, Sony and Samsung.
If you made purchases from any of VTEX’s customers in late 2024 and early 2025, there is a good chance you are affected. You can always run your email address through HaveIBeenPwned to see if you are exposed, and you can also pay attention to incoming spam emails to see if any come from VTEX clients; just make sure you don’t interact with any of the incoming messages.