Durex India, the Indian subsidiary of the British condom and private lubricant model, has printed private info of consumers, together with their names and order particulars.
Safety researcher Sourajeet Majumder contacted TechCrunch this week a few condom producer’s web site leaking delicate buyer information.
The model’s web site uncovered buyer names, telephone numbers, e-mail addresses, supply addresses, merchandise ordered, and quantities paid. The precise variety of clients affected is unclear, however researchers discovered proof that lots of of individuals’s info was uncovered as a result of a scarcity of correct authentication on the order affirmation web page.
“Privateness is essential for intimate items manufacturers,” Majumdar informed TechCrunch.
TechCrunch has verified Majumder’s findings and located that buyer order particulars have been nonetheless accessible on-line on the time of writing, which is why TechCrunch is withholding particular particulars in regards to the breach to keep away from aiding unhealthy actors.
TechCrunch reached out to Reckitt in regards to the breach forward of its publication, however Ravi Bhatnagar, a spokesman for Durex’s father or mother firm, Reckitt, declined to touch upon whether or not the corporate had plans to guard buyer info.
The researcher informed TechCrunch that the info may very well be used for identification theft, and that the contact particulars may result in undesirable harassment.Majumdar mentioned he had additionally contacted the Pc Emergency Response Staff of India (CERT-In) in regards to the safety flaw, who acknowledged the existence of his emails.
“The leak can also expose affected clients to social harassment and ethical policing,” the researchers mentioned.
