Managed Services Australia Logo - Different Size

Data Breach of Vistaprint customers personal information.


December 6, 2019

In a concerning revelation, Vistaprint, the renowned online printing behemoth, has faced a significant security oversight. Oliver Hough, an esteemed security researcher, came across an unguarded database linked to the company, readily available on the internet.

Initially detected by Shodan – a search engine specialising in pinpointing exposed devices and databases – on 5th November, the duration for which this database remained exposed is yet to be confirmed. Although Hough reached out to Vistaprint via a tweet, there was no forthcoming response. Following an intervention by TechCrunch, Vistaprint discreetly took the database offline, choosing not to comment immediately.

Later, Robert Crosland, representing Vistaprint, revealed that the breach primarily impacted their clients in the U.S., U.K., and Ireland. The company firmly declared such a data breach utterly indefensible. A comprehensive investigation is currently underway to ascertain the magnitude of this oversight and to devise robust measures ensuring it doesn’t recur. Furthermore, Vistaprint announced its plans to alert the affected customers, a large number of whom are safeguarded by the stringent GDPR data protection norms.

The database, alarmingly, contained data of over 51,000 customer service exchanges and included personal details, thus jeopardising individual customer identities. It housed explicit information such as customer names, email addresses, phone numbers, and specific timestamps of their interactions. Notably, the data provided in-depth details of chat exchanges with support agents and pertinent order information.

An intriguing observation within the database revealed that each customer query was evaluated based on certain keywords, which determined the “sentiment” of the complaint, categorising them as either “negative” or “neutral”. This evaluation further influenced the “priority” of these interactions in the queue.

Among the disclosed data, certain aspects were particularly perturbing. The “chat” section divulged details regarding the customer’s operating system, browser, location, and even their internet service provider. Moreover, the “phone” section displayed comprehensive call details, often inclusive of transcripts with intricate order information. Thankfully, this breach did not expose any financial details or passwords.

The database, intriguingly labelled as “migration”, is postulated to act as a transient repository during data movement between servers. The pressing query that lingers is: How could such a database remain unprotected in the vast expanse of the internet?

Source: Tech Crunch

Key Takeaway:

A significant lapse at Vistaprint has laid bare a vast amount of customer data. This incident accentuates the paramount importance of robust cybersecurity measures in today’s digital era.

Click here to learn more about Managed Services Australia.

Visit our Technology Centre and make your first purchase with us today!

Ring us at 📞 1300 024 748 or drop a line through our contact form. Your uninterrupted operations are just a call away.

Book a consultation with Managed Services Australia.

Start your journey towards seamless IT solutions with us today – unlock your business’s true potential!