Update: the incident is resolved
Though temporarily, Klarna was compelled to close down the app after users found themselves logged in to other people’s accounts.
The error, described as a human error, gave a leeway for users to access other people’s data. The glitch resulted from a bug that ran for 31 minutes and led to the compromise of personal data for 9,500 users.
However, bank and card details were not shown. All data that was compromised is classified as non-sensitive data as per GDPR.
At the same time, some users could see partial card details including mandate reference IDs and bank names. Some users could even add or remove stored card details, access purchase histories, and even phone numbers.
We’ve reported that Klarna launched a carbon tracking feature.