Durex India, the local arm of the well-known British condom brand, has suffered a significant data breach that exposed sensitive customer details. Security researcher Sourajeet Majumder discovered that inadequate security on the brand’s order confirmation page led to the leak of customers’ names, phone numbers, email addresses, shipping details, and order information. The breach potentially affects hundreds of customers, raising concerns about identity theft and social harassment. Majumder notified India’s Computer Emergency Response Team (CERT-In), while Durex’s parent company, Reckitt, has yet to comment on the incident.
“A leak as such not only puts the customer’s privacy at risk but also makes them prone to social harassment or moral policing,” Majumder warned.
