Durex – made public the data of hundreds of customer orders

They didn’t defend themselves properly, and the customers drank the juice.

A TechCrunch announced the other day that Durex India, the Indian subsidiary of the British condom manufacturer, recently disclosed its customers’ order data. Names, phone numbers, e-mail addresses and residential addresses were leaked, which could pose a serious security risk to customers if they fell into the hands of malicious parties.

If that wasn’t enough, the products ordered and the amounts paid were also made public, which certainly put several customers in an uncomfortable situation. The exact number of those involved is not known, but according to the researcher investigating the case, the data of hundreds of customers may have been leaked. The incident may have occurred because proper authentication was not done on the order confirmation page.

“For a brand dealing with intimate products, ensuring privacy is key.”

– said security researcher Sourajeet Majumder to the portal reporting the incident.

A TechCrunch checked and found that customer order details were still available online at the time of writing. In order to keep malicious actors away, the paper did not share more details about the case.

The portal contacted the spokesperson of Durex’s parent company, Reckitt, Ravi Bhatnagar, who did not wish to comment on the case or future data protection measures.

Source: www.pcwplus.hu