Klarna feared 288,000 customer logins were exposed in a data leak and projected a $41 million legal hit, messages show

Core Insights
- Klarna faced a potential data exposure incident affecting up to 288,000 customers, with an estimated financial impact of $41.8 million, but the actual number of impacted accounts is believed to be over 99% lower than initially thought [1][11]

Incident Details
- The issue arose from a lack of login protections for recycled phone numbers, leading to new customers being logged into previous owners' accounts, exposing personal information [2][13]
- Klarna has implemented a one-time passcode (OTP) login system to resolve the issue, which has now been fully rolled out [3][14]

Internal Communications
- Internal messages revealed that the information about the incident was not communicated effectively within the company, leading to a two-day delay in addressing the problem [4][11]
- A product director estimated that around 10% of the affected accounts could be severe cases where sensitive information was accessible [12]

Financial Implications
- The potential financial impact of the incident was projected at $41.8 million, with an average legal and remediation cost of $1,000 per severe case [11][12]
- Concerns were raised about the impact of additional verification measures on conversion rates, with estimates suggesting a potential drop in gross merchandise value of $28.5 million per month [19][20]

Historical Context
- This incident is not the first for Klarna, as similar data exposure issues have been reported in the past, including a notable incident in 2021 where customer information was exposed for 31 minutes [21][22]
- Klarna's share price has declined over 20% since its IPO, reflecting ongoing challenges in maintaining customer trust and data security [23]