
The mobile banking service Klarna recently suffered a serious security issue that enabled users of its app to see the accounts of other customers as well as their stored information when they logged in.

The buy-now-pay-later company stated that the vulnerability, which allowed its customers to access each other’s information, was caused by human error, not by an external breach of its systems.

Klarna Bank AB, commonly referred to as Klarna, is a Swedish fintech company that provides online financial services such as payments for online storefronts, direct payments, and post-purchase payments.

Yesterday, users reported that when they logged into the Klarna mobile app, they were shown the account details of other customers instead of their own.

Once news of the problem started being widely reported, the organization disabled its mobile app for several hours. Customers who tried to log in saw a message that read “Sorry, the Klarna app is currently down for maintenance”.


Klarna says that a recent update led to the technical issue, which exposed the data of 0.1%, or approximately 90,000, of its users.

In a statement about the mobile app bug, the company declared:

This is why we are sad and frustrated to inform you of a self-inflicted incident, that for 31 min affected up to 0.1%, approximately 90 000, of our users. The bug led to random user data being exposed to the wrong user when accessing our user interfaces.


The mobile banking service said that access to the data was completely random and did not show any data containing financial information. This means that it was impossible to access a specific user’s data. According to GDPR standards, only non-sensitive data was exposed.

While Klarna states that the vulnerability affected only non-sensitive data, customers claim otherwise. They say they were able to see sensitive data such as names, mobile numbers, addresses, stored bank accounts, purchases, and saved credit cards.

And what’s worse, Klarna customers state that each time they logged into the mobile app, they would get access to a new account.
