Klarna temporarily suspended its app yesterday following a “self-inflicted incident” that inadvertently allowed some users to access others’ accounts, exposing personal information.
In a statement, Klarna explained that a human error during an app update led to a bug that compromised the data of up to 9,500 users for 31 minutes. The Swedish buy now, pay later company clarified that credit card and bank details were not visible, asserting that the exposed information would be categorized as “non-sensitive” under GDPR guidelines.
However, one London-based customer took to Twitter to report that she was able to see partial card details in the “Payment Methods” section, including bank names and mandate reference IDs. She claimed to have accessed the information of “more than 20 random users,” including phone numbers and purchase histories.