Swedish online payment services provider Klarna has apologized for a critical security incident that resulted in users being logged into other users’ accounts.
Critical Klarna Bug:
This ultimately led to the logged-in users being able to view other members’ private data such as name, associated postal address, purchases, and payment methods.
Reportedly, partial banking details were also visible during the incident, making it all the more critical.
Some users of the payment service also reported that they were logged into other users’ accounts every time they tried to access their own.
Self-Inflicted Security Flaw:
Klarna subsequently had to take its application services down temporarily to prevent further exposure of users' accounts and sensitive data.
According to Klarna, the problem was traced to a bug introduced into its systems during an update rather than to any external breach.
The fintech firm was able to resolve the issue by rolling back the faulty update before restoring services.
Klarna's statements on the incident said that a total of 9,500 app users were affected over the course of 31 minutes, adding that only app logins were affected by the issue.
“At 11:04 am CET this morning, we discovered that an update introduced 15 min earlier had led to an error affecting our app users. Our payment services, the Klarna Card, the merchant checkouts, and the merchant’s user interfaces, were completely unaffected by this. At 11.20.42 am CET the error was deemed to be contained and fixed.
“It is concluded that a human error caused the bug, and it was not an external breach of our systems. Despite following our set release process, we could still deploy a bug into our systems. This deems our release process to require reviewing and improvement to prevent errors like these in the future.”
While issuing the apology, the online payment services provider noted that it will nonetheless review its software release process as a precautionary measure.
Experts are of the opinion that the Klarna privacy breach was the result of a self-inflicted bug and not a targeted attack.