- Durex India’s website exposes customer data
- Hundreds affected by security lapse
- Company remains silent on plans to address the issue
Whoops, the rubber slipped
Durex India, a subsidiary of the renowned British condom and personal lubricants brand, has inadvertently exposed sensitive customer information on its website.
The security lapse revealed full names, order details, phone numbers, email addresses, and shipping information of hundreds of customers.
Privacy protection fails
Security researcher Sourajeet Majumder discovered the vulnerability, which stemmed from a lack of proper authentication on the order confirmation page.
Majumder emphasized the critical importance of privacy for a brand dealing with intimate products.
No comment, no fix
Despite being contacted by TechCrunch, Reckitt, Durex’s parent company, declined to comment on the situation or indicate any plans to secure customer information.
The exposed data remains accessible online, raising concerns about potential identity theft and harassment risks.
