© 2024 CoolTechZone - Latest tech news,
product reviews, and analyses.

Data breach at Durex India, intimate details out in the open


The Indian branch of Durex has suffered a data breach. Because the confirmation page lacked proper authentication, personal and sensitive customer information was accessible.

Security researcher Sourajeet Majumder found out about the breach and contacted TechCrunch, who was able to verify Majumder’s findings.

According to the security expert, the British condom and lubricants vendor spilled the beans on customers’ names, phone numbers, email addresses, shipping addresses, purchase history and the amount they paid. All this sensitive information was accessible, because the order confirmation page wasn’t well-secured.

How many customers are affected by the incident remains unknown. Majumder estimates that ‘hundreds of people’ had their personal information exposed due to the data breach. Besides the company he also alerted India’s Computer Emergency Response Team (CERT-In), who acknowledged his email.

“For a brand dealing with intimate products, ensuring privacy is crucial. Affected customers can also become victims of social harassment or moral policing because of this leak,” the researcher said.

Majumder explained that the data that was obtained could be used for all kinds of criminal activities, including identity theft, spear phishing campaigns and harassment. Cybercriminals could impersonate Durex and convince gullible victims to download malware, or provide additional personal (financial) information.

TechCrunch approached both Durex India and parent company Reckitt. Spokesperson Ravi Bhatnagar however declined to comment on the matter. He also wouldn’t say if the company took steps to improve its customers’ information.

We currently don’t know if any malicious threat actors managed to exfiltrate sensitive customer information. As of writing, no messages were posted on the dark web regarding this incident.

Durex is the world’s best-selling condom and personal lubricant brand in the world, with a 30 percent share of the global market. It started in 1915 as the London Rubber Company and later merged with SSL International. In July 2010, SSL International was acquired by British-Dutch multinational consumer goods company Reckitt Benckiser for £ 2.5 billion.

In 2023, Reckitt Benckiser employed over 40,000 employees and earned over £ 14.6 billion in revenue.


Leave a Reply

Your email address will not be published. Required fields are marked