Due to a bug at the Klarna payment service, more than 9,500 customers have been given access to the accounts of any other user for half an hour. The payment service has announced this in a response. According to Klarna, this allowed them to view only insensitive data.
The bug took place around 11 a.m. on Thursday, Klarna said in an extensive response . For 31 minutes, after logging in, up to 9,500 users were given access not to their account, but to that of any other user. According to Klarna, no sensitive data was visible, such as bank or credit card details.
The bug started after Klarna rolled out an update 15 minutes earlier, and Klarna calls it a human error. According to the company, there has been no external break in the system. According to the company, the bug was quickly discovered and fixed 31 minutes after it was introduced. Klarna is now investigating which users have been affected by the bug.
Klarna’s update is not entirely consistent with complaints previously reported by users. For example , a user on Twitter claims to have access to all information that random other users have stored in their account, including partial bank details, addresses, phone numbers and purchases. She says she has seen data from at least twenty other accounts.