In our WP/Woo ecommerce website, recently there have been instances where a customer sees the previous customer’s personal details at checkout. These are customers on their own devices in different locations, unknown to each other, and the viewers of stored data that wasn’t theirs have emailed notifying us of the privacy breach. I have personally observed this twice while making my own test purchases for other reasons, and have confirmed in the back end that the details are from the most recent customer. Stored data appears to delete after ~5-7 hours (in the single case I was able to watch for this). Fortunately, while addresses and contact info are stored, payment information was not. The first time I saw this was Nov 21, the date WP 6.7.1 rolled out. I didn’t update immediately, but have now. We are also new to using Brevo and have its plugin running. (It looks like MC, with all its faults, may have caused similar serious privacy breaches a couple years ago. I left Mailchimp for Brevo ~6 months ago and uninstalled MC’s broken useless plugin.) Affected orders were all processed by Stripe (our default payment processor, so not necessarily unusual) so far.
As I can’t replicate this problem reliably (whenever I see a recent order I check if the checkout details are saved – mostly not), I’m at a total loss: plugin testing obviously doesn’t work without being able to replicate the issue consistently. I am periodically checking for new orders and then going to the front end in an incognito browser to see if personal data is stored in checkout (but so far haven’t caught any except the two I saw coincidentally). I have placed test orders myself and then gone to the front end on a different device and/or private browser to see if data is stored – so far all negative. Hosting company and WP Rocket assure me their software isn’t storing the data. Haven’t heard from Woo, Stripe or Brevo yet. I guess I should contact Cookie Yes. Web developer hasn’t found anything yet. I’ve contacted the hosting company, which denies they could be caching this data. Tickets pending with Woo, Rocket, Brevo and Stripe. Cookie Yes (that we use) was implicated in a previous odd and erratic performance. Any advice on what might be going on, where I can look, who (else) I can contact, and how I can fix this would be greatly appreciated. PS, I am the webmaster, but am not a developer. Our developer is also currently looking into this serious bug.