Durex

History

2024: Getting Customer Data Online

In early September 2024, it became known that the personal data of customers of the Indian division of Durex, which is engaged in the production of condoms and personal hygiene products, got into the network. Among other things, the full names and order data of customers, which fraudsters can use for blackmail and extortion, got on the Internet.

It is known that the reason for the data dump was authentication problems on the order confirmation page. As a result, the website of the Indian division of the company published the names of customers, phone numbers, email addresses, delivery addresses, descriptions of ordered products and the paid amount. The exact number of affected customers remained unknown. However, cybersecurity researcher Sorajit Majumder believes that due to the lack of proper authentication mechanisms, the data of hundreds of clients got into the network. A representative of Durex declined to comment on the situation and did not say how the company plans to protect its customers' information after the leak.

Techcrunch.com

For a brand that handles intimate goods, privacy is critical, "Sorajit Majumder noted. - Due to this leak, affected customers can become victims of not only financial fraud, but also social persecution, moral pressure or bullying.

It is believed that the published data can be used to steal other personal data, as well as extortion and prosecution. With customer order data still available online at the time of writing, the sources decided to hide some details about the incident so as not to help the attackers. It is not yet known what steps Durex intends to take.^[1]

Notes