
Durex leak reveals customer details, in a week where data loss has risen to incredible levels


A website selling Durex condoms in India suffered a data breach that revealed customers' names and orders.

Databreaches.net reported that on 5th March a customer discovered that anyone could view his and other customers' orders on the kohinoorpassion.com website simply by inserting a different order ID number in the URL, with no login required.

Available information included names, addresses, phone numbers and the type of products ordered. The report said that, from what the customer could determine, the earliest order exposed online dated back to 23rd February 2009, but there is no confirmation of how long the customer records might have been accessible without a login. According to the customer's website about the breach, no credit card or financial data were exposed.

The customer said that he contacted TTK-LIG, the marketer of the Durex brand in India and manufacturer of Kohinoor condoms, and SSL International, the owner of the Durex brand worldwide, about the problem and that by the next day the site appeared to be better secured.
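The flaw described above is a missing access-control check on the order page. As an added example (not code from the site or from the article; the data model, session store and function names are assumptions), the following puts an unprotected lookup beside one that requires a session and verifies that the order belongs to the caller:

```python
from __future__ import annotations

from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Order:
    order_id: int
    customer_id: int
    name: str
    address: str
    items: str


# Constructed sample data; names, IDs and tokens are illustrative only.
ORDERS = {
    1001: Order(1001, 7, "Customer A", "1 Example Road", "item x"),
    1002: Order(1002, 8, "Customer B", "2 Example Road", "item y"),
}
SESSIONS = {"tok-a": 7, "tok-b": 8}  # session token -> customer_id


def view_order_unprotected(order_id: int) -> tuple[int, Optional[Order]]:
    """The reported flaw: the ID taken from the URL is the only input consulted."""
    order = ORDERS.get(order_id)
    return (200, order) if order else (404, None)


def view_order_protected(
    order_id: int, session_token: Optional[str]
) -> tuple[int, Optional[Order]]:
    """Require a login, then check that the order belongs to the caller."""
    customer_id = SESSIONS.get(session_token) if session_token else None
    if customer_id is None:
        return (401, None)  # no valid session: authenticate first
    order = ORDERS.get(order_id)
    # Same 404 for "missing" and "not yours", so probing cannot confirm an ID.
    if order is None or order.customer_id != customer_id:
        return (404, None)
    return (200, order)
```

The ownership check runs on the server for every request; a login page alone would still leave any logged-in customer able to read other customers' orders.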

The customer kept a blog of the incident and subsequent legal dealings with TTK-LIG's lawyers. This can be viewed here.

Amichai Shulman, CTO of Imperva, claimed that victims of data breaches need to look beyond basic vulnerabilities such as SQL injections.

He said: “It is always amazing that companies don't think their site defences will be probed by increasingly sophisticated hackers, let alone inquisitive internet users.

“The fall-out from this saga is that the company has now been severely embarrassed internationally, and that's before any legal or regulatory action is involved. Companies need to wake up and smell the coffee when it comes to website security. A failure to make a modest investment at the development and implementation stages can result in considerably more cost - and damage to reputation - in the longer term.”

In a week in which data loss has been brought back to the fore, the most prominent case was the loss of the data of 3.3 million people by the Educational Credit Management Corporation (ECMC).

Dave Everitt, general manager, EMEA at Absolute Software, said that what was most alarming about that loss was the fact that it failed to get the basics right.

He said: “Having so much data held on one portable device with inadequate security measures in place is unacceptable. It's crucial for organisations to understand the importance of knowing where your data is at all times.

“It might sound obvious, but IT departments need to be managing and monitoring all devices on a daily basis. They need to be certain they have complete visibility over who is using which device, especially as organisations are operating with greater mobility, which increases the risk of data loss.

“Getting the basics right means that if the worst happens, organisations know exactly what devices to shut down and what data is likely to be at risk. It is the ability to then delete, track and even recover the data that will put IT back in control of its assets and save the reputation of the organisation.”

Anders Pettersson, CSO at BlockMaster, called the incident ‘another scenario where data security has failed’.

He said: “These are the risks which materialise as a result of slow adoption of security technologies and a lack of responsibility from end-users. Why is there an option to export 3.3 million people's data onto anything but a secure device? There is no reason to lose data on USBs if they are misplaced today.

“To add to this, the upcoming Information Commissioner's Office penalty should hopefully start to make businesses think more proactively about security. Businesses and the public alike should not have to worry about their details falling into the wrong hands. A secure device with instant password protection and automatic hardware encryption solves one of the most pressing issues, the USB problem, and that is the first piece of the security puzzle.”
