Close Menu
TechTost
  • AI
  • Apps
  • Crypto
  • Fintech
  • Hardware
  • Media & Entertainment
  • Security
  • Startups
  • Transportation
  • Venture
  • Recommended Essentials
What's Hot

Your Brand Deserves Its Own Stage — TechCrunch Disrupt 2026 Side Events

Threads adds new features to Live Chats as it expands access

The browser wars aren’t about search anymore — here are the best alternatives to Chrome and Safari

Facebook X (Twitter) Instagram
  • About Us
  • Contact Us
  • Privacy Policy
  • Terms and Conditions
  • Disclaimer
Facebook X (Twitter) Instagram
TechTost
Subscribe Now
  • AI

    Anthropic is discussing a new custom chip with Samsung

    3 July 2026

    Jersey Mike’s IPO shows just how bad the AI ​​hype has gotten

    3 July 2026

    OpenAI proposed donating 5% of its equity to a US sovereign wealth fund

    2 July 2026

    SpaceX has a prototype AI device, and it sure sounds like a phone

    2 July 2026

    Meta, like SpaceX, appears to be turning AI overcomputation into cash

    1 July 2026
  • Apps

    Threads adds new features to Live Chats as it expands access

    4 July 2026

    Travel app Hopper to pay $35 million in FTC settlement over ‘unfair’ hidden fees

    3 July 2026

    Meta quietly launches vibe-encoded Pocket gaming app

    3 July 2026

    Popular TV-watching app TV Time is shutting down as the company focuses on artificial intelligence

    2 July 2026

    WhatsApp usernames are already raising red flags of impersonation

    2 July 2026
  • Crypto

    Venice AI goes unicorn with $65M Series A as first privacy AI platform takes off

    1 July 2026

    Crypto Exchange OKX wants AI agents to hire and pay each other

    30 June 2026

    Startup Battlefield 200 applications close today

    27 May 2026

    5 days left: Save up to $410 on Disrupt 2026 passes

    25 May 2026

    As crypto cools, a16z crypto raises $2.2 billion in capital

    6 May 2026
  • Fintech

    India’s payments chief believes artificial intelligence will play a big part in the next era of digital payments development

    28 June 2026

    Early Bird pricing ends tonight for the Founder Summit

    26 June 2026

    4 days left to save up to $190 on Founder Summit 2026

    23 June 2026

    Robinhood’s note on 10% layoffs shows that blaming AI doesn’t cut it

    17 June 2026

    Anthropic’s latest spat with the Trump administration may actually help it, sales figures suggest

    17 June 2026
  • Hardware

    IQM, Europe’s first public quantum company, admits that the future of the technology is uncertain

    3 July 2026

    Thiel Capital’s Jack Selby commits stakes in hot startups like Etched through Arizona connections

    3 July 2026

    Ashton Kutcher is leaving Sound Ventures to start a new VC firm with Morgan Beller

    2 July 2026

    Flipper’s new Busy Bar is a customizable display for productivity

    30 June 2026

    South Korea’s tech giants pledge over $550 billion to ease ‘RAMageddon’

    30 June 2026
  • Media & Entertainment

    Cloudflare’s new policy pushes AI companies to pay for publishers’ content

    1 July 2026

    Watch out, Amazon: The Kobo eReader now has a Goodreads rival

    29 June 2026

    YouTube Shorts just got even shorter with an update that lets you double the playback speed

    25 June 2026

    Deezer says its new feature allows fans to remix songs with the artist’s consent

    24 June 2026

    Instagram looks set to take on streaming services with a longer, episodic and live format for its TV app

    22 June 2026
  • Security

    Politician who investigated abuses of wiretapping software on his phone with Pegasus spyware

    3 July 2026

    The US government says it’s been hacked — again

    2 July 2026

    In major privacy victory, Supreme Court rules that geo-trafficking warrants are protected by privacy rights

    29 June 2026

    The Klue hack results in a data breach at several cybersecurity companies

    26 June 2026

    Cellebrite said it cut off Russia, but Russia used its tools anyway

    26 June 2026
  • Startups

    Your Brand Deserves Its Own Stage — TechCrunch Disrupt 2026 Side Events

    4 July 2026

    The browser wars aren’t about search anymore — here are the best alternatives to Chrome and Safari

    3 July 2026

    Last chance to apply — Startup Battlefield Australia applications close on 6 July

    3 July 2026

    Arcturus could halve grid electrical losses using nano-infused metals

    2 July 2026

    Indian tech tycoon bets $30 million of his own money to build AI alternative to Microsoft Office

    2 July 2026
  • Transportation

    Chevy built an all-American EV truck — why isn’t anyone buying it?

    3 July 2026

    Rivian raises EV sales forecast as second-quarter production ramps up

    3 July 2026

    Lucid Motors CFO steps down as new CEO continues leadership shakeup

    2 July 2026

    Tesla begins testing Cybercab without pedals or steering wheel in Austin

    2 July 2026

    Lime is starting life as a public company after years of uncertainty

    1 July 2026
  • Venture

    After $18B IPO, Bending Spoons Founder Says Success Comes From Minimizing Luck

    2 July 2026

    Bending Spoons defies SaaS slump, up 40% on first day of trading

    2 July 2026

    The DeepMind trio that created a poker AI is now making money for quantitative hedge funds

    1 July 2026

    Patronus AI lands $50 million to create ‘digital worlds’ that stress-test AI agents

    26 June 2026

    How to invest when everything is moving too fast

    24 June 2026
  • Recommended Essentials
TechTost
You are at:Home»Security»Petco takes down Vetco website after exposing customers’ personal information
Security

Petco takes down Vetco website after exposing customers’ personal information

techtost.comBy techtost.com10 December 202504 Mins Read
Share Facebook Twitter Pinterest LinkedIn Tumblr Email
Petco Takes Down Vetco Website After Exposing Customers' Personal Information
Share
Facebook Twitter LinkedIn Pinterest Email

Pet wellness company Petco has taken part of its Vetco Clinics website offline after a security breach exposed troves of personal customer information to the open web.

After TechCrunch alerted the company to the exposed data related to Vetco customers and their pets, Petco confirmed in a statement that it was investigating the data breach at its veterinary services company and declined to comment further.

The security flaw allowed anyone on the Internet to download customer files from Vetco’s website without needing a user’s login information. At least one customer file was exposed and indexed by Google, allowing anyone to find the data by searching for it.

The customer records, seen by TechCrunch, included visit summaries, medical histories, and prescription and vaccination records, among other records related to Vetco customers and their pets.

The files also contained customer names. their home address, email address, and phone number; the location of the Vetco clinic where the services were performed; medical evaluations, tests, and diagnoses; and the cost of goods, names of veterinarians, consent forms, owner signatures, and dates of services.

We also found animal names, species and breed, their sex, age and date of birth, their microchip number (if registered), their medical information and prescription records in the records.

TechCrunch notified Petco of the security flaw on Friday after discovering the vulnerability. The company acknowledged the data exposure days later the following Tuesday after TechCrunch followed up by attaching several exposed customer files to our email.

Petco spokesman Ventura Olvera told TechCrunch late Tuesday that the company “has implemented and will continue to implement additional measures to further strengthen the security of our systems,” though the company did not provide evidence for the claim.

Olvera would not say whether the company has the technical means, such as logs, to determine whether data was extracted from the company’s systems during the data breach.

How TechCrunch found the data breach

TechCrunch found a vulnerability in the way Vetco’s website creates copies of PDF documents for its customers.

Vetco’s customer portal, located at petpass.comallows customers to log in and obtain veterinary records and other documents related to their pet’s care. But TechCrunch found that the PDF creation page on Vetco’s website was public and not password protected.

Therefore, it was possible for anyone on the Internet to access sensitive customer records directly from Vetco’s servers by modifying the web address to enter a customer’s unique identification number. Vetco’s customer numbers are sequential, meaning someone could access other customers’ data just by changing a customer number by a digit or two.

TechCrunch checked at intervals of 100,000 customers to determine how many records may have been exposed in total. The back-to-back customer numbers suggest that millions of Petco customer information could have been recovered.

The bug is classified as an insecure direct object reference (or IDOR), a common flaw in security practices that allows unrestricted access to files on a server because there aren’t proper checks in place to make sure the person accessing the data is allowed.

It’s unclear how long these customer files have been exposed, but the customer file cited by Google dates back to mid-2020.

Third Petco breach this year

By TechCrunch’s count, this is Petco’s third data breach of 2025.

Earlier this year, hackers associated with the hacking collective Scattered Lapsus$ Hunters allegedly stole reams of data from a database of customer information that Petco hosts with cloud giant Salesforce. The hackers demanded that the victim companies pay a ransom in order not to leak their information.

In September, Petco disclosed a second data breach involving a security issue the company said it discovered on its own. Petco blamed the data leak on “a setting in one of our software applications that inadvertently allowed certain files to be accessible online,” but did not provide specific details about the incident.

This data breach included sensitive customer information such as social security numbers, driver’s licenses and financial information including debit and credit card numbers.

Olvera declined to say how many people are affected by the September incident, but California law requires companies to publicly disclose data breaches when the number of victims in the state exceeds 500 people.

TechCrunch believes this latest data breach involving Vetco is a separate security incident, given that Petco began notifying its customers of the previous data breach several months ago.

customers cyber security data breach data report Exclusive exposing information personal Petco takes vetco website
Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
Previous ArticleCashew research goes after the $90 billion market research industry with artificial intelligence
Next Article Founder of AI startup Tavus says users talk to AI Santa ‘for hours’ a day
bhanuprakash.cg
techtost.com
  • Website

Related Posts

Politician who investigated abuses of wiretapping software on his phone with Pegasus spyware

3 July 2026

The US government says it’s been hacked — again

2 July 2026

Arcturus could halve grid electrical losses using nano-infused metals

2 July 2026
Add A Comment

Leave A Reply Cancel Reply

Don't Miss

Your Brand Deserves Its Own Stage — TechCrunch Disrupt 2026 Side Events

4 July 2026

Threads adds new features to Live Chats as it expands access

4 July 2026

The browser wars aren’t about search anymore — here are the best alternatives to Chrome and Safari

3 July 2026
Stay In Touch
  • Facebook
  • YouTube
  • TikTok
  • WhatsApp
  • Twitter
  • Instagram
Fintech

India’s payments chief believes artificial intelligence will play a big part in the next era of digital payments development

28 June 2026

Early Bird pricing ends tonight for the Founder Summit

26 June 2026

4 days left to save up to $190 on Founder Summit 2026

23 June 2026
Startups

Your Brand Deserves Its Own Stage — TechCrunch Disrupt 2026 Side Events

The browser wars aren’t about search anymore — here are the best alternatives to Chrome and Safari

Last chance to apply — Startup Battlefield Australia applications close on 6 July

© 2026 TechTost. All Rights Reserved
  • About Us
  • Contact Us
  • Privacy Policy
  • Terms and Conditions
  • Disclaimer

Type above and press Enter to search. Press Esc to cancel.