Durex India, the Indian subsidiary of the British condom and personal lubricants brand, has exposed its customers’ private information, including their full names and order details.
Security researcher Sourajeet Majumder contacted TechCrunch this week about the exposure of sensitive customer data on the condom maker’s website.
The brand’s website spilled customer names, phone numbers, email addresses, shipping addresses, the products ordered and the amount paid. The exact number of affected customers isn’t known. However, the researcher found evidence that hundreds of people had information exposed because of a lack of proper authentication on its order confirmation page.
“For a brand coping with intimate merchandise, making certain privateness is essential,” Majumder told TechCrunch.
TechCrunch verified Majumder’s findings, and found that customer order details were still accessible online at the time of writing. As such, TechCrunch is withholding certain details about the exposure so as not to help malicious actors.
When reached by TechCrunch prior to publication about the exposed customer information, Ravi Bhatnagar, a spokesperson for Durex parent company Reckitt, declined to comment or say if the company plans to secure its customers’ information.
The researcher told TechCrunch that the data could be exploited for identity theft, and contact details may result in unwanted harassment. Majumder said that he also contacted India’s Computer Emergency Response Team (CERT-In) about the security lapse, which acknowledged his email.
“Affected customers may also become victims of social harassment or ethical policing due to this leak,” the researcher said.