Internal chat database for multiple US companies exposed publicly

On February 1st, 2025, while looking at some exposed databases, I noticed one for what looked like an internal chat for employees.

Over two-thirds of the 308 users on the chat were for Savantcare, a Mental and Behaviour Health Clinic from the United States, and around 30 users were from OVLG (Oak View Law Group).

By looking at the rest of the entries on the user table, I noticed the chat was likely set up by Grmtech, a Digital Marketing and SEO company from India.

The domain linked to the IP address hosting the database was http://mortgagefit.com, which is another client of Grmtech.

It's likely other clients of Grmtech also had user accounts for the chat; the ones mentioned are just the ones that related to most of the information exposed.

The database contained over 130,000 exposed files that may have been attachments sent through the chat.

Some of what I saw included:

The database also contained over 6 million chat messages; some of them were exposing more PII/PHI.

Around 1.8 million messages contained references to Savantcare, so I decided to contact the company directly.

On February 3rd, I sent an email to Savantcare explaining the issue with the internal chat they were using, and also mentioned that I noticed Grmtech seemed to be the company responsible for the chat and that I would be CCing them.

I also pointed out that Savantcare probably had better ways to reach out to them.

Since one of the emails I added was support, a help desk ticket was opened with Savantcare.

The day after I sent the email, the help desk ticket got closed and I was asked how they did.

The server was still exposed at this point, so I replied saying everything was still the same and I did not understand why they closed the ticket without doing anything.

Some hours later, on February 4th, the server wasn't connecting anymore and just timed out.

I have no idea if Savantcare contacted Grmtech about it or if anyone from Grmtech had actually read my emails and fixed the issue.

I checked my logs to see the first time I flagged this database as being publicly exposed, and the first entry is from January 1st, 2025.

I don't know if Grmtech notified any of the companies that used the chat about their data being publicly exposed for over a month.

The situation is the same about whether Savantcare notified any of the employees and patients either, as I never got a reply to my email or the help desk ticket.