Data Protection Academy » Data Protection News » Data breach at Klarna

A computer screen showing a programming language on black and white. Autofill data glitch at Klarna

Data breach at Klarna

Date: 11.02.2020

Type of data breach: Third party data viewable through Autofill

Klarna is a Swedish payment service provider that enables online shops to outsource e.g. billing. Private individuals can pay invoices when shopping online through Klarna.

Users of Klarna noticed in mid-February that just entering the postcode and e-mail address is enough to fill in order forms with additional data. The forms are then automatically pre-filled with address data, or even date of birth or telephone number. The so-called "Autofill" or "Prefill" for data auto-completion is often the default setting.

It is questionable that third parties, who know the e-mail address and postal code of the persons concerned, can easily access further data. individual-related data get there.

Klarna reacted when the data breach became known and instructed the relevant websites to turn off the "autofill" function for the time being.

Categories of data concerned: Address data, dates of birth, telephone numbers

Country: worldwide

Practical tip: Use Autofill

Deactivate the Autofill function. To do this, after logging in on Klarna's website, under "Profile" and "Autofill on order", the functions can be greyed out. When filling out Klarna forms during the order process, make sure to remove the check mark "Autofill settings".

SourceMirror

Back to the overview of the data breaches

Caroline Schwabe

This might interest you too:

Data failure in the district office Coburg

Allegedly deleted data on a hard drive came into circulation: Some 12,000 documents, e-mails and passwords were released.

Data breach employees fashion house H&M

The Swedish fashion house H&M is accused of having sounded out its employees. This also involved sensitive health data.

Data breakdown frequent flyer programme Miles & More

Lufthansa's frequent flyer programme confirms data breakdown. Thousands of users had access to foreign profiles.