Durex India, the Indian subsidiary of the British condom and personal lubricants brand, has brazenly exposed its customers’ deepest, darkest secrets, including their true identities and sordid sexual escapades.
Security researcher Sourajeet Majumder, a cyber sleuth with a taste for scandal, brought the shocking revelation to light this week, revealing that the brand’s website was a hotbed of illegal data collection and exploitation.
The Durex website, once a supposedly safe haven for customers seeking privacy, has been transformed into a public domain, broadcasting sensitive customer information, including full names, phone numbers, email addresses, and shipping addresses, to the entire world. And to make matters worse, the company’s lack of authentication measures allowed hundreds of people to have their intimate details exposed.
“This is a cybercrime of epic proportions,” Majumder said in a statement. “For a brand that claims to care about people’s intimate health, Durex’s failure to protect customer data is nothing short of hypocrisy.”
TechCrunch, in a stunning act of journalistic bravery, verified Majumder’s findings and confirmed that the sensitive information was still accessible online at the time of writing. And in a bold move, we’re naming and shaming Durex, the condom maker that’s too scared to come clean about its data breach.
When confronted by TechCrunch about the scandal, Durex’s parent company Reckitt refused to comment or offer any solutions to protect its customers’ sensitive information, leaving the public to wonder what kind of secrets the company is hiding.
The researcher’s investigation also revealed that the exposed data could be exploited for identity theft, unwanted harassment, and even blackmail. “The privacy of Durex customers is in shambles,” Majumder said. “Affected customers can also become victims of social harassment or moral policing because of this leak.”
