Durex India Customer’s Private Order Data Leaked
Date: August 29, 2024
Durex, the company known for making intimate products, has come into the spotlight for an alleged breach that exposed sensitive customer data.
Durex India is one of the most popular brands for intimate wellness and hygiene. However, the nature of the company's products makes discretion around purchases a must. A security researcher, Sourajeet Majumder, recently found security issues on Durex India’s website that exposed sensitive information about its consumers to the public.
Durex's website has allegedly exposed critical customer data, including contact name, phone number, email address, shipping address, order history, and transaction records. Taken together, this information gives bad actors material for extortion scams, social harassment, and much more. The exact count of exposed customer accounts is unclear, as the company has not responded to comment requests from any public media house.
The leak of personal information stems mainly from the lack of a secure authentication process on the order confirmation page. Sourajeet reverse-engineered the page and discovered extensive evidence of exposure. Neither the company nor any legal authority has clarified the issue, so the total number of victims remains unknown.
“For a brand dealing with intimate products, ensuring privacy is crucial,” Majumder told a tech media house. The media house then investigated independently and reached the same result. Its verification team found customer order details still visible on the platform but kept them confidential to prevent bad actors from harming the affected customers.
As an intimate products brand with a global presence and one of the top condom-makers, Durex should have had a better protection layer for its customers. This security inadequacy also puts the security protocols of Durex’s global and country-wide websites under scrutiny and skepticism. The researcher has already contacted the Indian Computer Emergency Response Team (CERT-In) about the risk of the potential breach, and appropriate action will commence soon.
By Arpit Dubey
