Klarna was forced to temporarily shut down its app yesterday after a "self-inflicted incident" saw some users logged in to other people's accounts, giving them access to personal information.
In a statement, Klarna says that a human error made during an app update caused a bug that meant that for 31 minutes up to 9500 users saw their personal data compromised.
The Swedish buy now, pay later unicorn says that card and bank details were not shown and that the visible information would be classified as "non-sensitive" under GDPR.
However, one London-based customer reported on Twitter: "I was able to see users’ partial card details under the “Payment Methods” section including bank names and mandate reference IDs. I was also able to remove stored card details and / or add new card details.
The Tweeter says she saw the details of "more than 20 random users," and had access to phone numbers and purchase histories.