Durex India, the Indian subsidiary of the British condom and private lubricants model, has uncovered its clients’ private data, together with their full names and order particulars.
Safety researcher Sourajeet Majumder contacted TechCrunch this week in regards to the problem of exposing delicate buyer information on the condom maker’s web site.
The model’s web site spilled buyer names, cellphone numbers, electronic mail addresses, transport addresses, the merchandise ordered and the quantity paid. The precise variety of affected clients will not be recognized. Nevertheless, the researcher discovered proof that a whole lot of individuals had data uncovered due to an absence of correct authentication on its order affirmation web page.
“For a model coping with intimate merchandise, guaranteeing privateness is essential,” Majumder advised TechCrunch.
TechCrunch verified Majumder’s findings, and located that buyer order particulars have been nonetheless accessible on-line on the time of writing. As such, TechCrunch is withholding sure particulars in regards to the publicity as to not support malicious actors.
When reached by TechCrunch previous to publication in regards to the uncovered buyer data, Ravi Bhatnagar, a spokesperson for Durex mum or dad firm Reckitt, declined to remark or say if the corporate plans to safe its clients’ data.
The researcher advised TechCrunch that the info might be exploited for identification theft, and make contact with particulars might end in undesirable harassment. Majumder mentioned that he additionally contacted India’s Laptop Emergency Response Crew (CERT-In) in regards to the safety lapse, which acknowledged his electronic mail.
“Affected clients may also turn out to be victims of social harassment or ethical policing due to this leak,” the researcher mentioned.
Add Comment