Subj : Durex India suffers embarrassing data leak, customer data breache To : All From : TechnologyDaily Date : Thu Aug 29 2024 10:45:05 Durex India suffers embarrassing data leak, customer data breached online Date: Thu, 29 Aug 2024 09:34:28 +0000 Description: Customer names and information about their orders, could be accessed by third parties following breach. FULL STORY ====================================================================== The Indian arm of Durex has suffered a security breach that saw a hoard of sensitive customer data stolen. A security researcher by the name of Sourajeet Majumder reached out to TechCrunch recently with the news of the leak at the company's Indian operation. He noted the website for Durex India lacked proper authentication on its order confirmation page, which made it possible for unauthenticated users to access private customer data. The data includes customer names, phone numbers, email addresses, shipping addresses, the products ordered and the amount paid. Confirmed claims We dont know exactly how many people are affected by this error, but apparently, they are in the hundreds. For a brand dealing with intimate products, ensuring privacy is crucial, Majumder said. TechCrunch says it has managed to confirm the researchers claims, and says the data is still available and that the exploit can still be replicated. Because of that, the details of the error are being withheld until Durex India fixes the issue. Following his discovery, Majumder reached out to Indias Computer Emergency Response Team (CERT-In) which acknowledged his email. Affected customers can also become victims of social harassment or moral policing because of this leak, he said. They can also be targeted by convincing phishing emails, impersonating Durex and tricking people into downloading malware, giving away payment data, or more. So far, neither Durex, nor its parent company Reckitt, discussed securing the information, despite being asked by the publication. At the moment, we dont know if any malicious actors discovered the data, or managed to exfiltrate it, but given that the news is now out there, and that the bug can be replicated, its safe to assume that it is only a matter of time. More from TechRadar Pro Millions of data files exposed in massive security breach see if your business is affected Here's a list of the best firewall software around today These are the best endpoint security tools right now ====================================================================== Link to news story: https://www.techradar.com/pro/security/durex-india-suffers-embarrassing-data-l eak-customer-data-breached-online --- Mystic BBS v1.12 A47 (Linux/64) * Origin: tqwNet Technology News (1337:1/100) .