Durex India suffers embarrassing data leak, customer data breached online

Durex customer names and order details could be accessed by third parties

The Indian arm of Durex has suffered a security breach that saw a hoard of sensitive customer data stolen.

A security researcher by the name of Sourajeet Majumder reached out to TechCrunch recently with the news of the leak at the company’s Indian operation. He noted the website for Durex India lacked proper authentication on its order confirmation page, which made it possible for unauthenticated users to access private customer data.

The data includes customer names, phone numbers, email addresses, shipping addresses, the products ordered and the amount paid.

Confirmed claims

We don’t know exactly how many people are affected by this error, but apparently, they are in the hundreds.

“For a brand dealing with intimate products, ensuring privacy is crucial,” Majumder said.

TechCrunch says it has managed to confirm the researcher’s claims, and says the data is still available and that the exploit can still be replicated. Because of that, the details of the error are being withheld until Durex India fixes the issue.

Following his discovery, Majumder reached out to India’s Computer Emergency Response Team (CERT-In) which “acknowledged his email.”

“Affected customers can also become victims of social harassment or moral policing because of this leak,” he said. They can also be targeted by convincing phishing emails, impersonating Durex and tricking people into downloading malware, giving away payment data, or more.

So far, neither Durex nor its parent company Reckitt has discussed securing the information, despite being asked by the publication. At the moment, we don’t know if any malicious actors discovered the data, or managed to exfiltrate it, but given that the news is now out there, and that the bug can be replicated, it’s safe to assume that it is only a matter of time.

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
