Klarna suffers serious account security issue
Mobile app bug allowed users to see the account information of other customers
The mobile banking service Klarna recently experienced a serious security issue that allowed users of its app to see the accounts of other customers as well as their stored information when they logged in.
First launched back in 2005, Klarna is a Swedish bank that allows its users to make purchases and finance them over time in a similar way to how PayPal’s Pay in 4 works.
When the company’s customers logged into the app before the issue had been fixed, they saw the account information of other users instead of seeing their own accounts. To make matters worse, several Klarna customers reported on Twitter that each time they logged in, they would get access to a different account.
Once news of the issue began to be widely reported, the company took its mobile app offline, and when customers tried to log in, they saw a message which read “Sorry, the Klarna app is currently down for maintenance”.
Self-inflicted incident
To Klarna’s credit, the company’s CEO Sebastian Siemiatkowski released a written statement on the issue and provided its customers with a detailed explanation only a few hours after the bug was discovered.
In his statement, Siemiatkowski explained that the incident was self-inflicted and that no sensitive user data was exposed, saying:
“Trust is at the very core of Klarna and banking. This is why we are sad and frustrated to inform you of a self-inflicted incident, that for 31 min affected not more than 9,500 of our app users. The bug led to random user data being exposed to the wrong user when accessing our user interfaces. It is important to note that the access to data has been entirely random and not showing any data containing card or bank details (obfuscated data was visible).”
As Klarna is based in Sweden, it is possible that the company could face fines under GDPR, though Siemiatkowski pointed out in his written statement that the exposed data would classify as “non-sensitive” under the regulation.
Following its investigation into the issue, Klarna concluded that the bug was introduced into its systems as a result of human error as opposed to a cyberattack or external data breach.
Via BleepingComputer
After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.