Durex India, the Indian branch of the British condom and personal lubricants brand, leaked sensitive information about its customers, such as their full names and order information
This week, security researcher Sourajeet Majumder told TechCrunch that the condom maker’s website had private customer data visible to everyone.
The website for the brand leaked customer names, phone numbers, email addresses, shipping addresses, the items they bought, and how much they paid. No one knows for sure how many people will be affected. However, the researcher found proof that information about hundreds of people was made public because the sale confirmation page did not have proper authentication.
Majumder told TechCrunch, “Privacy is very important for a brand that sells intimate products.”
Majumder’s findings were confirmed by TechCrunch, which found that customer order information could still be found online at the time of writing. Because of this, TechCrunch isn’t giving away some information about the exposure so as not to help evil people.
TechCrunch asked Ravi Bhatnagar, a spokesman for Durex’s parent company Reckitt, about the customer information that was exposed before it was published. He refused to comment or say if the company plans to protect its customers’ information.
According to the researcher, TechCrunch, the information could be used to steal identities, and contact information could lead to unwanted pestering. Majumder also told India’s Computer Emergency Response Team (CERT-In) about the security hole, and they replied to his email.