9,500 Klarna app users affected by recent data breach

May 28, 2021 07:03 GMT

Klarna, a popular online payment company, was forced to temporarily shut down its service after complaints that users were being indiscriminately logged into other people's accounts.  

Klarna advertises itself as the world's largest payment and shopping service, offering smarter and more flexible shopping experiences to 90 million active consumers at more than 250,000 merchants in 17 countries.

According to the Swedish website Di.Se (translated), users were able to see the full details of other accounts, including their personal details, postal address, purchases, and payment methods. Some bank information was also leaked. According to a tweet about the incident, it was apparently possible to change the profile of the random account one was logged into.

The scenario was made even worse by the fact that every time a user tried to log in again or refresh the page to see their own details, another user's details appeared, resulting in a random chain of accounts and a complete breakdown of security.

Klarna website was taken down to prevent more data breaches

Anyone who visited the Klarna website yesterday saw the warning, "We are currently experiencing system disturbances caused by a technical error. We apologize for any inconvenience this is causing. Whilst we are addressing the issue, customers are unable to log into the app".

Klarna initiated a service outage, preventing all customers from accessing the service while it investigated the issue, and reinstated the services after it managed to fix the bugs.

The company reinstated the services after the incident was resolved 

Klarna said in a statement released on Thursday, "Trust is at the very core of Klarna and banking. This is why we are sad and frustrated to inform you of a self-inflicted incident, that for 31 min affected not more than 9,500 of our app users. The bug led to random user data being exposed to the wrong user when accessing our user interfaces. It is important to note that the access to data has been entirely random and not showing any data containing card or bank details (obfuscated data was visible)".

The company continues to investigate which consumers were affected and how. It is also trying to determine how the risk assessment of the specific schemes was flawed, so that it can make appropriate changes to avoid this and similar situations in the future.

Klarna apologized for the inconvenience and reassured consumers that their trust and security are of paramount importance to the company.