Moonpig Shuts Down Mobile Apps Over Security Problem That Put 3 Million Customers At Risk
Flickr/SteffenThere's a big problem with Moonpig, the website that lets you send your friends and family personalised greeting cards. The company has turned off its mobile apps while it figures out the problem.
Security researcher Paul Price discovered that a flaw in Moonpig's apps can be used to find personal information about the site's customers.
Price looked at code sent from Moonpig's Android app to the main server. It can be easily manipulated to reveal information including addresses, names, dates of birth, credit card expiry dates and even the last four digits of credit card numbers.
Worryingly, it doesn't look like the vulnerability was fixed, even after Moonpig was notified of the problem in August 2013. Price says that he was told Moonpig would "get right on" fixing the code, but that never happened.
The Register is reporting that up to 3 million customers may have had their personal information leaked as part of the security vulnerability. There's no evidence that anyone has actually used the exploit to find the information of customers, but considering that the security flaw has been around since 2013, it's certainly possible.
Moonpig hasn't issued a statement on the vulnerability. It does look like it's shut off its API, however, meaning that people can't use it. Purchases have also been suspended through its iOS and Android app.
- I spent 2 weeks in India. A highlight was visiting a small mountain town so beautiful it didn't seem real.
- I quit McKinsey after 1.5 years. I was making over $200k but my mental health was shattered.
- Some Tesla factory workers realized they were laid off when security scanned their badges and sent them back on shuttles, sources say
- World Liver Day 2024: 10 Foods that are necessary for a healthy liver
- Essential tips for effortlessly renewing your bike insurance policy in 2024
- Indian Railways to break record with 9,111 trips to meet travel demand this summer, nearly 3,000 more than in 2023
- India's exports to China, UAE, Russia, Singapore rose in 2023-24
- A case for investing in Government securities