iscover
Share this article on:
Powered by
MOMENTUM
MEDIA
Customers of condom and lubricant manufacturer Durex’s Indian subsidiary have had their data exposed online as the result of insufficient protection.
The Indian subsidiary of the condom maker reportedly leaked customer details on its website, including names, phone numbers, email addresses, product order history, shipping addresses and amount paid.
Speaking with TechCrunch, the security researcher who discovered the breach, Sourajeet Majumder, said that while the number affected by the breach is currently unknown, the data is still publicly accessible and that evidence of hundreds of people had been exposed. Details of the exposure have, therefore, been withheld by the media to prevent threat actors from using it.
“For a brand dealing with intimate products, ensuring privacy is crucial,” Majumder told TechCrunch.
The sensitive and personal nature of the data could be used by threat actors for extortion purposes, with scammers threatening to publicise data if they don’t receive payment. Additionally, other personal details could be used for future scams.
While Durex India is yet to comment on the incident, it does not appear that any financial or banking details other than the amount paid have been exposed.
TechCrunch reached out to Ravi Bhatnagar of Reckitt, Durex’s parent company, but received no comment.
It is unclear when Durex will fix the issue; however, Majumder said he had contacted India’s Computer Emergency Response Team (CERT-In) about the issue.
Cyber Daily has reached out to Durex for additional commentary.
Be the first to hear the latest developments in the cyber industry.
