Durex India, the Indian division of a British brand that sells condoms and personal lubricants, accidentally revealed personal information of its customers. This included their names and details of their orders.
A security researcher named Sourajeet Majumder informed TechCrunch about this issue. He discovered that the brand’s website was showing customer names, phone numbers, email addresses, shipping addresses, products ordered, and payment amounts. It is not clear how many customers were affected, but evidence suggests that hundreds had their information exposed due to lack of proper security measures on the website.
Majumder emphasized the importance of privacy for a brand selling intimate products. TechCrunch confirmed his findings and noted that customer details were still accessible online when the report was written. To prevent misuse of this information, certain details were not disclosed.
When contacted by TechCrunch, Ravi Bhatnagar, a spokesperson for Durex’s parent company Reckitt, declined to comment on the issue or discuss plans to enhance customer data security.
Majumder warned that the leaked data could be used for identity theft and lead to unwanted harassment. He also informed India’s Computer Emergency Response Team (CERT-In) about the security breach, which acknowledged his report.
The researcher expressed concern that affected customers might face social harassment or moral judgment as a result of this privacy violation.
Other Stories
Fluid Truck removes sibling co-founders over fund mismanagement
Uber invests in UK’s Wayve to advance self-driving tech