Klarna was forced to temporarily shut down its app yesterday after a “self-inflicted incident” saw some users logged in to other people’s accounts, giving them access to personal information.
The Swedish buy now, pay later unicorn says that card and bank details were not shown and that the visible information would be classified as “non-sensitive” under GDPR.
However, one London-based customer reported on Twitter: “I was able to see users’ partial card details under the ‘Payment Methods’ section including bank names and mandate reference IDs. I was also able to remove stored card details and / or add new card details.”
The Tweeter says she saw the details of “more than 20 random users,” and had access to phone numbers and purchase histories.
Oh I’ve only now seen this tweet and it’s incorrect. I was able to see users’ partial card details under the “Payment Methods” section including bank names and mandate reference IDs. I was also able to remove stored card details and / or add new card details. @Klarna https://t.co/axagaUMvXs
— esra efe laborde (@esraefe) May 27, 2021