Data breach at Klarna

Date: 11.02.2020

Type of data breach: Third party data viewable through Autofill

Klarna is a Swedish payment service provider that enables online shops to outsource e.g. billing. Private individuals can pay invoices when shopping online through Klarna.

In mid-February, Klarna users noticed that simply entering their postcode and email address was enough to fill in order forms with additional data. The forms are then automatically pre-filled with address data or even date of birth or telephone number. The so-called "autofill" or "prefill" for data autocompletion is often stored as the default setting.

It is questionable that third parties, who know the e-mail address and postal code of the persons concerned, can easily access further data. individual-related data get there.

Klarna reacted after the data breach became known and instructed the relevant websites to switch off the "Autofill" function for the time being.

Categories of data concerned: Address data, dates of birth, telephone numbers

Country: worldwide

Practical tip: Use Autofill

Deactivate the autofill function. To do this, you can grey out the functions after logging in to the Klarna website under "Profile" and "Autofill when ordering". When filling out the Klarna forms during the order process, make sure to uncheck the "Autofill settings" box.

Source: Mirror

Back to the overview of the data breaches