
Durex India accidentally reveals customers’ personal information and order details



Hundreds of people were victims of abuse

What is the story

Durex India, the local arm of the UK-based condom and lubricant brand, has inadvertently exposed private information of its customers.

The vulnerability was discovered by cybersecurity researcher Sourajeet Majumder and reported to TechCrunch.

The compromised data includes customers' full names, email addresses, phone numbers, delivery addresses, and details of the products ordered and amounts paid.

Security vulnerability due to improper authentication

The security breach was attributed to a lack of proper authentication on Durex India’s order confirmation page.

This oversight resulted in the disclosure of confidential customer information.

While the exact number of customers affected has not yet been determined, Majumder found evidence that hundreds of people's personal information was exposed as a result of this error.

Company remains silent

TechCrunch independently verified Majumder's findings and confirmed that customers' order details remained available online.

The publication has chosen to withhold some details about the disclosure to avoid supporting potentially malicious actors.

When contacted by TechCrunch, Ravi Bhatnagar, a spokesman for Durex's parent company Reckitt, declined to comment on the disclosed customer data or say whether the company plans to secure its customers' information.

Data theft can lead to identity theft and harassment

Majumder warned that the disclosed data could be used for identity theft and the contact details could lead to unwanted harassment.

He also reported the security breach to India's Computer Emergency Response Team (CERT-In), which acknowledged his email.

“Affected customers may also become victims of social harassment or moral surveillance due to this leak,” Majumder told TechCrunch, highlighting the potential risks associated with such data breaches.