1
Live Chats crossed with other customers
Problem reported by Nathalie V - January 11, 2016 at 8:50 AM
Submitted
This may not be a 100% an issue with Smartertrack itself, but there could be something in the way it's coded that is contributing to this.
 
We use Incapsula filtering, but caching is completely disabled disabled. They are mostly providing web application firewall and compression.
 
What we've experienced several times is live chats getting completely crossed. Our agent is talking with one specific customer, and then all of a sudden a different customer is typing in that live chat and can also see what was going on in the other chat.
 
During this time, there wasn't another live chat waiting or ongoing, there is only once chat instance and somehow another customer clicked for live chat and ended up in a pre-existing chat.
 
 
Has anyone seen this before?
 
Again it might not purely a SmarterTools issue I am also reaching out to Incapsula but my guess is that something in the headers or session is causing their system to think both chats belong to the same session.
 
This is obviously a security problem as well as any personal details being discussed in live chat are visible to another party.
 
 
We are running SmarterTrack Enterprise 11.2
 
 
Thank you
 

2 Replies

Reply to Thread
0
Andrea Rogers Replied
February 22, 2016 at 12:07 PM
Employee Post
Hi Nathalie,
 
This isn't expected behavior nor something I've seen occur. I can definitely understand the concern for security though. I would recommend that you get in touch with our support department directly to troubleshoot this. This seems like something that we'll need access in order to look into. 
 
To submit a support incident, you'll need to be sure that you have a ticket available on your account. Then, click on the Tickets tab above and click Start Ticket. If you need assistance purchasing or submitting a support ticket, let me know and I'll get in touch with you directly with an outbound ticket. Keep in mind, if the issue is caused by the software, your ticket will be refunded. 
 
Thanks!
Andrea Rogers
Communications Specialist
SmarterTools Inc.
(877) 357-6278
www.smartertools.com
0
Nathalie V Replied
June 7, 2016 at 9:56 AM
I never received a reply as to how to submit a bug report without having to purchase a support ticket first. Even if that ticket would be refunded it still doesn't make sense to have to purchase a support ticket to notify you about this security problem.
 
At the time when I started this post we were using Incapsula, and to rule that out we are no longer using Incapsula.  The issue is still occurring randomly.
 
I think you should take this more seriously as if someone learns how to replicate this they can easily use this on any online site that offers support via SmarterTrack to obtain sensitive information from other customer chats.
 
In fact, this could be already occurring as unless one party in the chat speaks out about the issue there's no way to even know the chat got merged, so someone malicious could easily intercept/eavesdrop on other companies client chats without anyone knowing.
 
Please direct me to the URL or email address to report this security problem directly.
 
Thank you
 
 
 
 

Reply to Thread