Internet commerce has exploded over the past year as a result of the coronavirus pandemic, which confined millions of people around the world to their homes for months on end in addition to shuttering all kinds of shops and commercial enterprises. That forced consumers to rely more than ever on the delivery of goods to their homes that they were unable to pick up in person — a boon, of course, for Internet giants like Amazon.
An Internet behemoth like Amazon, of course, is able to handle an influx of new customers and all the commercial and security imperatives that come in tandem with that influx. Smaller companies, apparently, not so much. Case in point: The Swedish fintech company Klarna acknowledged a data breach in recent days, one that inspired users of the company’s buy now pay later service to flock to social media and complain that they’d somehow gotten access to strangers’ personal data.
For example, one Twitter user fretted at the end of last week that, because she was able to log on to her Klarna account but saw someone else’s information, it could mean that someone else might be logging on and seeing her own personal data:
Each time I tried to log in to my @Klarna account this morning, I’m on someone else’s account? Does this also mean someone else might currently be my on account? What the hell is going on?!! @AskKlarna pic.twitter.com/hqimF2zx7S
— esra efe laborde (@esraefe) May 27, 2021
In a company blog post penned by Klarna co-founder and CEO Sebastian Siemiatkowski, he noted that the security issue is now resolved and only affected no more than 9,500 of the company’s app users.
“The bug led to random user data being exposed to the wrong user when accessing our user interfaces,” he explains. “It is important to note that the access to data has been entirely random and not showing any data containing card or bank details (obfuscated data was visible). Even though GDPR would classify the information visible as ‘non-sensitive,’ for Klarna all data is important. We are taking this incident very seriously and we will work tirelessly to regain the affected consumers’ trust.”
It was discovered that an update introduced the error into the company’s systems, with Klarna stressing that human error caused this bug as opposed to an external breach of some kind.
Of course, this counts as a potential data breach, because as the Twitter thread shows above, some Klarna users were apparently able to see information associated with other users — information that could potentially be exploited for malicious purposes. “Oh dear … I can see all the information they provided including stored bank details, addresses, phone numbers, purchases etc.,” the Klarna user explains in that Twitter thread, referring to other customer data that was apparently able to be seen. “This doesn’t look good.”
Related coverage: