Snynet Solution Logo
MON - SUN: 10 AM - 6 PM
+60 11 5624 8319

Blog

Klarna suffers serious account security issue

Image Description

The mobile banking service Klarna recently experienced a serious security issue that allowed users of its app to see the accounts of other customers as well as their stored information when they logged in.

First launched back in 2005, Klarna is a Swedish bank that allows its users to make purchases and finance them over time in a similar way to how PayPal's Pay in 4 works.

When the company's customers logged into the app before the issue had been fixed, they saw the account information of other users instead of seeing their own accounts. To make matters worse, several Klarna customers reported on Twitter that each time they logged in, they would get access to a different account.

Once news of the issue began being widely reported, the company took its mobile app offline and when customers tried to login, they saw a message which read “Sorry, the Klarna app is currently down for maintenance”.

Self-inflicted incident

To Klarna's credit, the company's CEO Sebastian Siemiatkowski released a written statement on the issue and provided its customers with a detailed explanation only a few hours after the bug was discovered.

In his statement, Siemiatkowski explained that the incident was self-inflicted and that no sensitive user data was exposed, saying:

“Trust is at the very core of Klarna and banking. This is why we are sad and frustrated to inform you of a self-inflicted incident, that for 31 min affected not more than 9,500 of our app users. The bug led to random user data being exposed to the wrong user when accessing our user interfaces. It is important to note that the access to data has been entirely random and not showing any data containing card or bank details (obfuscated data was visible).”

As Klarna is based in Sweden, it is possible that the company could face fines under GDPR though Siemiatkowski pointed out in his written statement that the exposed data would classify as “non-sensitive” under the regulation.

Following its investigation into the issue, Klarna concluded that the bug was introduced into its systems as a result of human error as opposed to a cyberattack or external data breach.

Via BleepingComputer

Date

28 May 2021

Sources


Share


Other Blog

  • New Windows 10 patch preps users for the next major update

    Windows 10’s big Spring update is just around the corner, and Microsoft is now rolling out a reliability update in preparation.

    Read More
  • Long-term home workers and cyber threats

    Cyber-attacks threaten home workers, but clunky cybersecurity processes aren't helping encourage employees to stay safe.

    Read More
  • Netgear expands range of Wi-Fi 6 access points for SMBs

    Netgear now has a range of WiFi 6 access point devices for the price conscious SMB segment.

    Read More
  • AMD brings auto-overclocking and Windows 11 support to its Radeon graphics cards

    AMD's latest Adrenalin release is bringing auto-overclocking to its latest desktop hardware, Windows 11 support, and expands the list of games supporting AMD FidelityFX Super Resolution.

    Read More

Find Out More About Us

Want to hire best people for your project? Look no further you came to the right place!

Contact Us