"The buy-now, pay-later company Klarna feared that as many as 288,000 customers' login details were exposed in a data glitch, which could have cost the company up to $41.8 million, according to internal messages. It turned out the impact wasn't as bad as originally thought. A Klarna spokesperson told Business Insider that 'the actual number of impacted accounts is estimated at more than ~99% lower than the initial theoretical scope' of 288,000."
"Internal Slack messages, seen by Business Insider, show the Sweden-based company dealt with a problem caused by the absence of login protections for recycled phone numbers - when mobile carriers reassign a number after a previous owner gives it up. When a new customer received one of these reused numbers, Klarna's system automatically logged them into the former owner's account, potentially exposing their personal information, according to one internal message."
"The glitch, which Business Insider learned has happened before, underscores the risk companies can face when holding confidential customer data. The internal communications reveal how Klarna has grappled with how to deal with the security issue. The company said that as of Wednesday, the issue had been entirely resolved, with all verification methods now fully rolled out, including a one-time passcode (OTP) login, whereby a customer receives a unique code via email when they log in."
Klarna initially feared that a data glitch exposed up to 288,000 customers' login details and could have cost the company as much as $41.8 million. Internal messages show the issue originated from missing login protections for recycled phone numbers, which allowed new holders of reassigned numbers to be automatically logged into former owners' accounts, potentially exposing personal data. The company later estimated the actual impacted accounts were more than ~99% lower than the initial theoretical scope. All verification methods, including one-time passcodes (OTP) via email, were fully rolled out and the issue was resolved after a two-day remediation gap; a customer also verified another person's details in a credit application form.
Read at Business Insider