Data breach at Klarna
Type of data breach: Third party data viewable through Autofill
Klarna is a Swedish payment service provider that enables online shops to outsource e.g. billing. Private individuals can pay invoices when shopping online through Klarna.
Users of Klarna noticed in mid-February that just entering the postcode and e-mail address is enough to fill in order forms with additional data. The forms are then automatically pre-filled with address data, or even date of birth or telephone number. The so-called "Autofill" or "Prefill" for data auto-completion is often the default setting.
It is questionable that third parties, who know the e-mail address and postal code of the persons concerned, can easily access further data. individual-related data get there.
Klarna reacted when the data breach became known and instructed the relevant websites to turn off the "autofill" function for the time being.
Categories of data concerned: Address data, dates of birth, telephone numbers
Practical tip: Use Autofill
Deactivate the Autofill function. To do this, after logging in on Klarna's website, under "Profile" and "Autofill on order", the functions can be greyed out. When filling out Klarna forms during the order process, make sure to remove the check mark "Autofill settings".