Data breach at payment service provider Klarna: other users' accounts visible
At Swedish payment service provider Klarna, a serious data breach occurred Thursday morning due to “technical issues”. Users of the app report that they were able to see the data and transactions of various other people. Klarna confirmed this and, by its own account, immediately took the app offline. In the meantime, at least access through the website is available again.
According to numerous reports on Twitter and from readers, the Klarna app displayed other people's accounts rather than the user's own. Readers report that they still saw other third-party accounts when reloading. Bank details, orders, unpaid invoice amounts, names, addresses and phone numbers were visible.
90,000 users affected
Klarna confirms the incident. For about half an hour on Thursday morning, users were able to view random user data from third parties, a spokesperson told Heise Online. Only around 90,000 of the 90 million active customers have been affected.
“It is extremely important for us to stress that the access to the data was completely arbitrary and that no cards or bank details were displayed,” said the spokesperson. Order name, addresses, phone numbers, verified email addresses, and photos are affected. “Customers’ bank details, tax numbers and card details were not visible.” However, Klarna admits that “disguised data” was visible – that is, the masked card and account numbers.
“Only non-sensitive data”
According to the GDPR standard, only non-sensitive data was disclosed, the spokesperson said. “We recognize, however, that what is not considered sensitive is viewed very individually and we always set our own standards higher than legal regulations such as the GDPR.”
Klarna points out that an internal error is at the origin of the incident and that it is “not an external intervention in our systems”. As a result of human error, a faulty software update was deployed to the live system on Thursday morning. Once the error was discovered and the cause identified, the application was immediately taken offline.
The payment service provider has informed the responsible authorities of the incident. Klarna now wants to determine which users are affected and to what extent. In addition, internal processes are to be reviewed so that such a failure does not recur. “We sincerely apologize for any inconvenience,” the spokesperson said.
The payment service provider Klarna has been no stranger to Germany since the takeover of Sofort AG in 2013. The company offers various payment methods for resellers and customers, including instant transfer or purchase on account. Klarna is expanding its product line and has also offered an account in Germany since the start of the year. Most recently, the company raised $1 billion from investors.