Data protection regulation violation risk-third party data leakage
waiting for reporter
Julietta Pandukhtyan
Steps to reproduce:
1. Open Cryptocurrency Exchange: Trade BTC, ETH & Altcoins | Fastex
2. Click on the Hoory icon in the bottom right corner
3. Write your details
4. End the conversation
5. Close the Hoory icon with X.
Actual result: When I use the same PC and browser, my personal details are not protected, because if another user uses the same PC or other device and the same browser and clicks the "Continue conversation" button, all my details can be shown to a third-party user. Please see screen-capture.webm
Expected result: The third party user should not be able to see the chat performed by the previous user.
The current issue is compliance-based and should be solved asap as it violates the 6th point of
Data Privacy and Security: The exchange shall maintain strict data privacy and security measures to protect customer information. Access to customer data shall be restricted to authorized personnel only, and appropriate safeguards shall be implemented to prevent unauthorized access, use, or disclosure. Customer data shall be retained in accordance with applicable laws and regulations.
Please provide ETA for this issue as it should be solved immediately. Thanks beforehand.
George
Hossein, the feature is not very convenient for the clients, as they have to be logged in in order to contact us via live chat. For example, if a client cannot register on the website or cannot log in, they won't be able to contact us.
Hossein
waiting for reporter
Hossein
Dear Julietta Pandukhtyan, according to what we discussed in the meeting, to have data protection you need to use the Enforce User Identity Validation option.
Here is the link:
Julietta Pandukhtyan
Hossein jan, unfortunately the solution provided to CS is not acceptable, so please do not close the task until further solution.
Hossein
Julietta Pandukhtyan:
If the user wants to check the conversation, there is a possibility to ask for a chat transcript from the Customer support agent; other chat tools like Zendesk automatically send the chat transcript to the user after the conversation is closed. But if it is a public computer and Hoory works like it was shown in the video: https://drive.google.com/file/d/1WEgbgSLxe7vwVhI_9ytNnSToaPuFb1ZD/view?usp=sharing
there is a risk of third-party data leakage.
----
Lilith Jalalyan:
Julietta Pandukhtyan, the user can click Start Conversation before leaving the widget; once clicked, a brand new conversation will be started and the previous one will not be seen.
What if the user wants to recheck his/her conversation, or they accidentally close the widget?
----
Christine Mkrtchyan:
Hossein Moghtafari, I have checked; this is our logic.
There is the possibility to reset the widget after each “End Conversation” by using this code:
// Reset the widget each time a conversation is marked as resolved.
window.addEventListener('hoory:on-conversation-resolved', (data) => {
  window.$hoory.reset();
});
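----
Added example, not part of the ticket and not Hoory's or Fastex's own code: the reset-on-resolve handler from the comment above, extended to cope with a missing widget object or a failing reset, and run against a constructed stand-in window. Only the event name and `$hoory.reset()` come from the thread; `installResetOnResolve`, `makeFakeWindow`, `demo` and the fake session data are hypothetical.

```javascript
// Added example. Only RESOLVED_EVENT and $hoory.reset() appear in the thread;
// every other name here is hypothetical and the session data is constructed.
const RESOLVED_EVENT = 'hoory:on-conversation-resolved';

// Registers the reset handler on `win`; returns counters and a dispose().
function installResetOnResolve(win, log = () => {}) {
  const stats = { resets: 0, skipped: 0, errors: 0 };
  const handler = () => {
    const sdk = win.$hoory;
    // Nothing can be cleared if the widget object is not on the page.
    if (!sdk || typeof sdk.reset !== 'function') {
      stats.skipped += 1;
      log('resolved event seen but $hoory.reset is unavailable');
      return;
    }
    try {
      sdk.reset();
      stats.resets += 1;
    } catch (err) {
      // Count the failure so it can be monitored instead of passing silently.
      stats.errors += 1;
      log(`widget reset failed: ${err.message}`);
    }
  };
  win.addEventListener(RESOLVED_EVENT, handler);
  return { stats, dispose: () => win.removeEventListener(RESOLVED_EVENT, handler) };
}

// Constructed stand-in for a browser window whose widget holds a chat session.
function makeFakeWindow() {
  const win = new EventTarget();
  win.$hoory = {
    session: { name: 'Test User', messages: ['hello'] }, // constructed data
    reset() { this.session = null; },
  };
  return win;
}

// Simulates "End conversation" and reports whether the old session is gone.
function demo() {
  const win = makeFakeWindow();
  const { stats } = installResetOnResolve(win);
  win.dispatchEvent(new Event(RESOLVED_EVENT));
  return { sessionCleared: win.$hoory.session === null, stats };
}

// In a real page the handler would be installed on the actual window object.
if (typeof window !== 'undefined') installResetOnResolve(window);
```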