Popular online payments service Klarna has been forced to temporarily shut down its service following reports that users are being logged into someone else’s account seemingly at random.
As Swedish website Di.Se reports (translated), users were able to see the full details of other accounts, including their personal information, postal address, purchases, and payment methods. Partial bank details were also exposed. As the tweet included below shows, it looks as though it was possible to edit the profile of the random account you were logged into.
The situation was made worse by the fact that every time a user attempted to log in again or refresh the page to access their own details, another user’s details would appear, seemingly in a random chain of accounts, in a complete breakdown of security. Anyone visiting the Klarna website right now is presented with the message, “We are currently experiencing system disturbances caused by a technical error. We apologize for any inconvenience this is causing. Whilst we are addressing the issue, customers are unable to log into the app.”
Klarna has yet to explain what happened, but triggered a service outage to stop all users from accessing the service while it looks into the problem. Whatever the cause, there’s now a big question mark hanging over the security measures Klarna has in place to protect its more than 87 million users. Under no circumstances should it be possible to access someone else’s account, especially if all you did was enter your own login credentials.