#News

Durex India Customer’s Private Order Data Leaked

Date: August 29, 2024

Durex, the company known for making intimate products, has come into the spotlight for an alleged breach that exposed sensitive customer data.

Durex India is one of the most popular brands for intimate wellness and hygiene. However, the nature of the company's products makes its purchase discretion a must. A security researcher, Sourajeet Majumder, recently found security issues on Durex India’s website that exposed sensitive information about its consumers to the public.

Durex's website has allegedly spilled critical customer data, including contact name, phone number, email address, shipping address, order history, and transaction records. This information can collectively provide insider data to bad actors for conducting extortion scams, social harassment scenarios, and much more. The exact count of exposed customer accounts is unclear as the company has not responded to the comment requests of any public media house.

The main reason behind the leak of personal information stems from the lack of a secure authentication process on the order confirmation page. Sourajeet reverse-engineered the page to discover loads of evidence of exposure. There is no clarity either by the company or any legal authority on the issue, which keeps the total number of victims in the dark.

“For a brand dealing with intimate products, ensuring privacy is crucial,” Majumder told a tech media house. The media house then investigated independently to find out the same result. The verification team found customer order details still visible on the platform but kept them confidential to prevent bad actors from harming them in any way.

Being an intimate products brand with a global presence as one of the top condom-makers, Durex should have had a better protection layer for its customers. This security inadequacy also puts the security protocols of Durex’s global and country-wide websites under scrutiny and skepticism. The researcher has already contacted the Indian Computer Emergency Response Team (CERT-In) about the risk of the potential breach, and appropriate action will be commenced soon.

By Arpit Dubey

Arpit is a dreamer, wanderer, and tech nerd who loves to jot down tech musings and updates. With a knack for crafting compelling narratives, Arpit has a sharp specialization in everything: from Predictive Analytics to Game Development, along with artificial intelligence (AI), Cloud Computing, IoT, and let’s not forget SaaS, healthcare, and more. Arpit crafts content that’s as strategic as it is compelling. With a Logician's mind, he is always chasing sunrises and tech advancements while secretly preparing for the robot uprising.

// Recommended

OpenAI Is Building an Audio-First AI Model And It Wants to Put It in Your Pocket

New real-time audio model targeted for Q1 2026 alongside consumer device ambitions.

Nvidia in Advanced Talks to Acquire Israel's AI21 Labs for Up to $3 Billion

Deal would mark chipmaker's fourth major Israeli acquisition and signal shifting dynamics in enterprise AI.

Nvidia Finalizes $5 Billion Stake in Intel after FTC approval

The deal marks a significant lifeline for Intel and signals a new era of collaboration between two of America's most powerful chipmakers.

Manus Changed How AI Agents Work. Now It's Coming to 3 Billion Meta Users

The social media giant's purchase of the Singapore-based firm marks its third-largest acquisition ever, as the race for AI dominance intensifies.

Have newsworthy information in tech we can share with our community?