دسته‌ها
اخبار

Durex India spilled customers’ private order data


Durex India, the Indian subsidiary of the British ، and personal lubricants ،nd, has exposed its customers’ personal information, including their full names and order details.

Security researcher Sourajeet Majumder contacted TechCrunch this week about the issue of exposing sensitive customer data on the ، maker’s website.

The ،nd’s website spilled customer names, p،ne numbers, email addresses, ،pping addresses, the ،ucts ordered and the amount paid. The exact number of affected customers is not known. However, the researcher found evidence that ،dreds of people had information exposed because of a lack of proper authentication on its order confirmation page.

“For a ،nd dealing with intimate ،ucts, ensuring privacy is crucial,” Majumder told TechCrunch.

TechCrunch verified Majumder’s findings, and found that customer order details were still accessible online at the time of writing. As such, TechCrunch is with،lding certain details about the exposure as to not aid malicious actors.

When reached by TechCrunch prior to publication about the exposed customer information, Ravi Bhatnagar, a spokesperson for Durex parent company Reckitt, declined to comment or say if the company plans to secure its customers’ information.

The researcher told TechCrunch that the data could be exploited for iden،y theft, and contact details may result in unwanted har،ment. Majumder said that he also contacted India’s Computer Emergency Response Team (CERT-In) about the security lapse, which acknowledged his email.

“Affected customers can also become victims of social har،ment or m، policing because of this leak,” the researcher said.


منبع: https://techcrunch.com/2024/08/28/durex-india-spilled-customers-private-order-data/