Durex India leaks customer confidential data
Take action: It's monumentally embarrassing when Durex leaks, even if it's "just" data. On top of that, they are not taking any action to remedy the issue. Never ignore a flaw in your system, especially if customers are involved.
Durex India has exposed sensitive customer information due to a lack of proper authentication on its order confirmation page. The flaw allowed unauthorized users to access private data, including:
- customer names,
- phone numbers,
- email addresses,
- shipping addresses,
- products ordered,
- amounts paid.
The breach, confirmed by a security researcher named Sourajeet Majumder and verified by TechCrunch, has left hundreds of customers' data vulnerable and open to potential misuse.
The leaked data could expose customers to social harassment, phishing attacks, and other forms of exploitation. Given Durex’s intimate product line, the leak raises significant privacy concerns for affected individuals.
The number of affected individuals is not disclosed.
The vulnerability remains unpatched, with the exploit still replicable. Neither Durex nor its parent company, Reckitt, has addressed the security issue publicly or confirmed any mitigation efforts.
Majumder reported the issue to India’s Computer Emergency Response Team (CERT-In), which acknowledged his report. However, no public response or action from Durex has been confirmed.
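The control that was missing from the order confirmation page, shown as an added example; this is not Durex's code. The report does not say how the page identifies an order, so the lookup by order id, the in-memory session store, and all function names and records below are assumptions made for illustration.

```python
import secrets
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Order:
    order_id: str
    customer_id: str
    name: str
    phone: str
    email: str
    address: str
    amount_paid: str

# Constructed sample records; every value here is made up.
ORDERS = {
    "A1001": Order("A1001", "cust-1", "Asha Example", "+91-5550100001",
                   "asha@example.com", "1 Sample Road, Pune", "499.00"),
    "A1002": Order("A1002", "cust-2", "Ravi Example", "+91-5550100002",
                   "ravi@example.com", "2 Sample Road, Delhi", "899.00"),
}
SESSIONS = {}  # session token -> customer id, filled in at login

def login(customer_id):
    """Stand-in for a real login flow: issue an unguessable session token."""
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = customer_id
    return token

def confirmation_weak(order_id):
    """No authentication: any caller who presents an order id gets the record."""
    order = ORDERS.get(order_id)
    return (200, order) if order else (404, None)

def mask(value, keep=4):
    """Show only the last `keep` characters of a contact field."""
    return "*" * max(len(value) - keep, 0) + value[-keep:]

def confirmation_hardened(order_id, session_token):
    """Require a valid session and return only the caller's own order."""
    customer_id = SESSIONS.get(session_token) if session_token else None
    if customer_id is None:
        return 401, None
    order = ORDERS.get(order_id)
    # Same 404 for "no such order" and "someone else's order", so the
    # response does not confirm which order ids exist.
    if order is None or order.customer_id != customer_id:
        return 404, None
    # Data minimisation: contact details are re-displayed masked.
    return 200, replace(order, phone=mask(order.phone), email=mask(order.email, 12))
```

The ownership check runs on the server for every request, and masking limits what is exposed if a session is ever misused.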