Heimdal

The mobile banking service Klarna recently suffered a serious security issue that enabled users of its app to see the accounts of other customers as well as their stored information when they logged in.

The buy-now-pay-later company stated that the vulnerability that allowed its customers to access each other’s information was the result of human error, not of an external breach of its systems.

Klarna Bank AB, commonly referred to as Klarna, is a Swedish fintech company that provides online financial services such as payments for online storefronts, direct payments, and post-purchase payments.

Yesterday, users reported that when they logged into the Klarna mobile app, they were shown the account details of other customers instead of their own accounts.

Once news of the problem started being widely reported, the organization disabled its mobile app for several hours. Customers who tried to log in saw a message that read “Sorry, the Klarna app is currently down for maintenance”.

Klarna mobile app disabled

Klarna says that a recent update led to the technical issue, which exposed the data of 0.1%, or approximately 90,000, of its users.

In a statement about the mobile app bug, the company declared:

This is why we are sad and frustrated to inform you of a self-inflicted incident, that for 31 min affected up to 0.1%, approximately 90 000, of our users. The bug led to random user data being exposed to the wrong user when accessing our user interfaces.

The mobile banking service said that access to the data was completely random and did not show any data containing financial information. This means that it was impossible to access a specific user’s data. According to GDPR standards, only non-sensitive data was exposed.

While Klarna states that the vulnerability affected only non-sensitive data, customers claim otherwise. They say they were able to see sensitive data such as names, mobile numbers, addresses, stored bank accounts, purchases, and saved credit cards.

And what’s worse, Klarna customers state that each time they logged into the mobile app, they would get access to a new account.

Author Profile

Antonia Din

PR & Video Content Manager
