May 27, 20212 min read

Written statement on app bug.

by Sebastian Siemiatkowski

Update: The incident is resolved.

Trust is at the very core of Klarna and banking. This is why we are sad and frustrated to inform you of a self-inflicted incident, that for 31 min affected not more than 9,500 of our app users. The bug led to random user data being exposed to the wrong user when accessing our user interfaces. It is important to note that the access to data has been entirely random and not showing any data containing card or bank details (obfuscated data was visible). Even though GDPR would classify the information visible as “non-sensitive”, for Klarna all data is important. We are taking this incident very seriously and we will work tirelessly to regain the affected consumers’ trust.

At 11:04 am CET this morning, we discovered that an update introduced 15 min earlier had led to an error affecting our app users. Our payment services, the Klarna Card, the merchant checkouts, and the merchant’s user interfaces, were completely unaffected by this. At 11.20.42 am CET the error was deemed to be contained and fixed.

It is concluded that a human error caused the bug, and it was not an external breach of our systems. Despite following our set release process, we could still deploy a bug into our systems. This deems our release process to require reviewing and improvement to prevent errors like these in the future.

As the root cause was quickly identified, we immediately took appropriate actions with dedicated teams working on this as a top priority.

Quick timeline and forward going actions

  • 10:49 am CET: Bug introduced
  • 11:20 am CET: User interfaces shut down to avoid any further issues
  • Since then we have identified the root cause, started communications efforts, rolled back the bug, prepared to take the systems live again, and informed appropriate authorities.
  • Now work will continue to
    • analyze and understand exactly which consumers have been affected and how
    • analyze and understand exactly how the risk assessment of the specific systems was invalid, to implement appropriate actions to avoid this and similar incidents going forward

We are truly sorry for any inconvenience. Our customers’ trust and safety are our top priority, which makes situations like these extra important to us. If you are interested in reading more about how we handle data, please visit klarna.com and our privacy pages.

Monthly financing through Klarna and One-time card bi-weekly payments with a service fee to shop anywhere in the Klarna App issued by WebBank. Other CA resident loans at select merchants made or arranged pursuant to a California Financing Law license. Copyright © 2005-2023 Klarna Inc. NMLS #1353190, 800 N. High Street Columbus, OH 43215. VT Consumers: For WebBank Loan Products (One-Time Cards in the Klarna App, Financing, Klarna Card): THIS IS A LOAN SOLICITATION ONLY. KLARNA INC. IS NOT THE LENDER. INFORMATION RECEIVED WILL BE SHARED WITH ONE OR MORE THIRD PARTIES IN CONNECTION WITH YOUR LOAN INQUIRY. THE LENDER MAY NOT BE SUBJECT TO ALL VERMONT LENDING LAWS. THE LENDER MAY BE SUBJECT TO FEDERAL LENDING LAWS.