Durex India eStore spills customers' personal details

A site that sold Durex condoms in India has threatened a whistleblower with a legal nastygram in the wake of an admitted security breach involving leaked client details. Problems with the kohinoorpassion.com site surfaced earlier this month after a customer noticed that simply changing the order ID numbers in a URL allowed …

This topic is closed for new posts.

Posted Friday 26th March 2010 13:41 GMT

Anonymous Coward

am i the only one who saw this?

"an unpleasant leak that created a potentially messy situation for everyone involved."

Posted Friday 26th March 2010 13:41 GMT

John A Blackley

A little editing

"SSL and TTK-LIG takes data security extremely seriously NOW AND WILL DO SO UNTIL THE PUBLIC'S ATTENTION WANDERS ELSEWHERE and we have identified the cause OF THIS ONE PARTICULAR WHOOPSIE and taken immediate remedial action. The modifications put in place ensure ER, OR SO THAT WIERD WEB GUY TELLS US, that unauthorized access OF THIS PARTICULAR TYPE cannot happen again. We are completely confident that the website is now fully secure - BUT THEN WE DON"T KNOW JACK ABOUT THIS WEB STUFF AND, UNTIL IT BECOMES AN EMBARASSMENT AGAIN, COULD CARE LESS.

FTFY.

Posted Friday 26th March 2010 13:42 GMT

Anonymous Coward

who'd have thunk it

I mean, dodgy code coming out of India, that sort of thing just isn't possible.

Posted Friday 26th March 2010 14:19 GMT

Anonymous Coward

Now I'm not saying India has the monopoly on bad code

But they seem to be trying pretty damn hard.

The number of Indian programmers with professional contracts you see asking beginner questions in coding forums, complete with samples of their spaghetti code, is quite ridiculous.

It's not India's fault though bless 'em, it's just that companies require programmers in the UK to have X years education followed by X years experience, then when they go to outsource they don't ask for any verifiable experience whatsoever. They just sort of assume "well we're dealing with another company, just like us - not some filthy prole - so we'll never get burned" and they get burned over and over again.

Posted Friday 26th March 2010 14:59 GMT

Mos Eisley Spaceport

That'll show Johnny Foreigner!

Hahahaha

Posted Friday 26th March 2010 16:26 GMT

Eden

Wha?

Wait...so he noticed a flaw, reported it only to the effected company...who thanked him..only to then have them turn around and accuse him of being a bad bad boy? I assume with some legal ramification?

*sigh*

Why do companies keep doing this to themslves and bring more attention and make themselves look like an ass by trying to whack the people pointing out the flaws in their security.

Posted Saturday 27th March 2010 00:14 GMT

SirTainleyBarking

Simples

They get twat lawyers involved. The question will have been asked "What is our legal exposure?" the Lawyers answer will be to try and hush up things by threats. The Streisand effect then comes into play.

I work in a FMCG company. If this scenario had played out with us (Thankfully we don't do web ordering, our products aren't embarassing) there would have been a lot of panicking, swearing, fixing, and a large box of freebies on the way.

And no-one would have been any the wiser as that would have been the end of it

There is an old idiom that should be beaten into every lawyer and MBA student. 'You can catch more flies with honey than with vinegar'

Posted Friday 26th March 2010 23:48 GMT

Graham Marsden