08-30-2024, 07:30 AM
Durex India, the Indian branch of the renowned British condom and personal lubricants brand, has inadvertently exposed sensitive customer information due to a security vulnerability on its website. Security researcher Sourajeet Majumder revealed to TechCrunch that the company’s site has been leaking personal details including full names, phone numbers, email addresses, shipping addresses, and order specifics.
The breach stems from inadequate authentication measures on the website’s order confirmation page. Although the exact number of affected individuals remains unknown, evidence suggests that hundreds of customers may be impacted. Majumder highlighted the gravity of the issue, emphasizing the critical importance of privacy for a brand dealing with intimate products.
TechCrunch's investigation confirmed Majumder’s findings and noted that exposed customer order details were still accessible online at the time of the report. To avoid aiding potential malicious actors, TechCrunch has chosen to withhold specific details about the exposure.
When approached by TechCrunch for comment, Ravi Bhatnagar, a spokesperson for Durex's parent company, Reckitt, declined to provide a response or indicate any plans to address the security lapse.
Majumder warned that the exposed data could be exploited for identity theft and lead to unwanted harassment. He has also reported the incident to India’s Computer Emergency Response Team (CERT-In), which has acknowledged receipt of his communication.
source: https://techcrunch.com/2024/08/28/durex-...rder-data/
The breach stems from inadequate authentication measures on the website’s order confirmation page. Although the exact number of affected individuals remains unknown, evidence suggests that hundreds of customers may be impacted. Majumder highlighted the gravity of the issue, emphasizing the critical importance of privacy for a brand dealing with intimate products.
TechCrunch's investigation confirmed Majumder’s findings and noted that exposed customer order details were still accessible online at the time of the report. To avoid aiding potential malicious actors, TechCrunch has chosen to withhold specific details about the exposure.
When approached by TechCrunch for comment, Ravi Bhatnagar, a spokesperson for Durex's parent company, Reckitt, declined to provide a response or indicate any plans to address the security lapse.
Majumder warned that the exposed data could be exploited for identity theft and lead to unwanted harassment. He has also reported the incident to India’s Computer Emergency Response Team (CERT-In), which has acknowledged receipt of his communication.
source: https://techcrunch.com/2024/08/28/durex-...rder-data/