Durex India’s website has recently been the target of a significant security breach, resulting in the exposure of sensitive customer data. The breach was identified by security researcher Sourajeet Majumder, who revealed that the company’s order confirmation page lacked proper authentication measures. This critical vulnerability allowed unauthorized individuals to access confidential customer information, including names, phone numbers, email addresses, shipping details, and order specifics.
The breach has reportedly affected hundreds of customers, though the exact number remains unclear. The exposed data is still accessible, and the vulnerability can be replicated, raising serious concerns about the security of Durex India’s website. Majumder, who reported the issue to India’s Computer Emergency Response Team (CERT-In), noted that the flawed system poses significant risks to affected customers, who might face social harassment or phishing attacks due to the leaked information.
Despite the severity of the breach, neither Durex India nor its parent company, Reckitt, has publicly addressed the issue or communicated any steps taken to rectify the problem. The failure to secure the exposed data and implement necessary fixes has left customers vulnerable to further exploitation, including phishing schemes designed to extract additional personal and financial information.
As the situation develops, it is crucial for Durex India to act swiftly to address the security lapse and protect its customers from potential harm. The incident underscores the importance of robust security measures, especially for companies handling sensitive customer data. Until the breach is fully resolved, affected individuals are advised to be vigilant against phishing attempts and to monitor their financial accounts for any unusual activity.