Data breach at Klarna

Date: 11.02.2020

Type of data breach: Third party data viewable through Autofill

Klarna is a Swedish payment service provider that enables online shops to outsource e.g. billing. Private individuals can pay invoices when shopping online through Klarna.

Users of Klarna noticed in mid-February that just entering the postcode and e-mail address is enough to fill in order forms with additional data. The forms are then automatically pre-filled with address data, or even date of birth or telephone number. The so-called "Autofill" or "Prefill" for data auto-completion is often the default setting.

It is questionable that third parties, who know the e-mail address and postal code of the persons concerned, can easily access further data. individual-related data get there.

Klarna reacted when the data breach became known and instructed the relevant websites to turn off the "autofill" function for the time being.

Categories of data concerned: Address data, dates of birth, telephone numbers

Country: worldwide

Practical tip: Use Autofill

Deactivate the Autofill function. To do this, after logging in on Klarna's website, under "Profile" and "Autofill on order", the functions can be greyed out. When filling out Klarna forms during the order process, make sure to remove the check mark "Autofill settings".

Source: Mirror

Back to the overview of the data breaches