Durex India exposed sensitive consumer data and order details: Report
Durex India, the Indian branch of the British condom-maker, exposed sensitive user information collected by its official website.
The exposed data included customers’ full names, contact information, email address, shipping address, and order details, a report from TechCrunch said.
Security researcher Sourajeet Majumder first discovered the security leak.
While the exact number of affected customers is not known, researchers found evidence that the information of hundreds of customers was exposed due to the lack of proper authentication on the condom-maker’s order confirmation page.
Customer order details were still accessible online.
Meanwhile, Ravi Bhatnagar, a spokesperson for the Durex parent company Reckitt, declined to comment or share information on how the company plans to secure its customers’ information, the report said.
Threat actors could exploit the data exposed on Durex’s website to launch phishing attacks, perform identity theft, and even harass customers.