Durex India, a branch of the globally recognized British brand known for condoms and personal lubricants, has inadvertently revealed personal information of its customers, including names and order details.
Security expert Sourajeet Majumder notified TechCrunch about the privacy infringement on the company’s website this week. The site was found leaking customer names, contact numbers, email addresses, delivery addresses, the items purchased, and the prices paid for those items. While the total number of customers affected remains uncertain, evidence suggests that the personal details of hundreds could have been exposed due to insufficient authentication measures on the order confirmation page.
“Privacy, especially for a company dealing in intimate items, is of paramount importance,” stated Majumder, emphasizing the critical nature of the issue.
TechCrunch confirmed Majumder’s discovery and noted that the leaked customer information was readily available online at the time of this report. To avoid facilitating malicious activity, specific details of the exposure are not being disclosed.
Upon being informed of the security slip, Ravi Bhatnagar, a representative for Durex’s parent company Reckitt, chose not to comment or disclose whether measures would be taken to protect customer data.
Majumder expressed concerns to TechCrunch that the exposed data could lead to identity theft or result in unwelcome harassment for those whose information was leaked. He also reached out to India’s Computer Emergency Response Team (CERT-In), which acknowledged his report on the security oversight.
“This data breach could potentially subject affected customers to societal harassment or even moral policing, adding to the severity of the situation,” he added.