Live Chats crossed with other customers
Problem reported by Nathalie V - 1/11/2016 at 8:50 AM
This may not be 100% an issue with SmarterTrack itself, but there could be something in the way it's coded that is contributing to this.
We use Incapsula filtering, but caching is completely disabled. They are mostly providing web application firewall and compression.
What we've experienced several times is live chats getting completely crossed. Our agent is talking with one specific customer, and then all of a sudden a different customer is typing in that live chat and can also see what was going on in the other chat.
During this time, there wasn't another live chat waiting or ongoing. There is only one chat instance, and somehow another customer clicked for live chat and ended up in a pre-existing chat.
Has anyone seen this before?
Again, it might not purely be a SmarterTools issue. I am also reaching out to Incapsula, but my guess is that something in the headers or session is causing their system to think both chats belong to the same session.
This is obviously a security problem as well, as any personal details being discussed in live chat are visible to another party.
We are running SmarterTrack Enterprise 11.2
Thank you

5 Replies

Alejandro Rios Replied
We have the same problem, we are not using Incapsula.
Nathalie V Replied
Interesting, so this must be a SmarterTrack issue then. Incapsula didn't think it could be anything at their side.

SmarterTools -- please investigate.
Andrea Free Replied
Employee Post
Hi Nathalie,
This isn't expected behavior nor something I've seen occur. I can definitely understand the concern for security though. I would recommend that you get in touch with our support department directly to troubleshoot this. This seems like something that we'll need access in order to look into. 
To submit a support incident, you'll need to be sure that you have a ticket available on your account. Then, click on the Tickets tab above and click Start Ticket. If you need assistance purchasing or submitting a support ticket, let me know and I'll get in touch with you directly with an outbound ticket. Keep in mind, if the issue is caused by the software, your ticket will be refunded. 

Andrea Free
SmarterTools Inc.


Nathalie V Replied
Is there a way to do this by submitting a bug report rather than paying for a support ticket? Even though you would eventually credit the support ticket once found to be a bug, this isn't an issue that is easily reproduced; it's very random and it may or may not ever happen again, and if this drags on we'd never get credited back for the support ticket.

Nathalie V Replied
I never received a reply as to how to submit a bug report without having to purchase a support ticket first. Even if that ticket would be refunded, it still doesn't make sense to have to purchase a support ticket to notify you about this security problem.
At the time when I started this post we were using Incapsula, and to rule that out we are no longer using Incapsula. The issue is still occurring randomly.
I think you should take this more seriously, as if someone learns how to replicate this, they can easily use this on any online site that offers support via SmarterTrack to obtain sensitive information from other customer chats.
In fact, this could already be occurring, as unless one party in the chat speaks out about the issue there's no way to even know the chat got merged, so someone malicious could easily intercept/eavesdrop on other companies' client chats without anyone knowing.
Please direct me to the URL or email address to report this security problem directly.
Thank you
