Durex India, the Indian branch of the British condom-maker, has exposed sensitive customer information collected through its official website, according to a report by TechCrunch. The security breach, first identified by researcher Sourajeet Majumder, revealed personal details including customers’ full names, contact information, email addresses, shipping addresses, and order details.
While the exact number of affected customers remains unclear, evidence suggests that the information of hundreds of individuals was compromised due to inadequate authentication protocols on Durex’s order confirmation page. Notably, the leaked customer order details were still accessible online, raising significant concerns about privacy and security.
The breach poses multiple risks to affected customers, including the potential for phishing attacks, identity theft, and harassment by malicious actors who could exploit the exposed data. Despite these risks, Ravi Bhatnagar, a spokesperson for Durex’s parent company, Reckitt, declined to comment on the breach or provide details on the measures the company plans to take to protect its customers moving forward.