Researchers have found that several thousand Oracle NetSuite customers are inadvertently leaking sensitive data to unauthenticated users through externally facing stores built with NetSuite SuiteCommerce or NetSuite Site Builder. The exposure is likely caused by a deficient understanding of access controls for custom record types in NetSuite, one of the most popular SaaS enterprise resource planning (ERP) platforms in use today.