Moonpig shuts down apps over flaw that puts 3 million at risk

Security researcher Paul Price discovered that a flaw in Moonpig’s apps can be used to find personal information about the site’s customers.

Price looked at code sent from Moonpig’s Android app to the main server. It can be easily manipulated to reveal information including addresses, names, dates of birth, credit card expiry dates and even the last four digits of credit card numbers.

Worryingly, it doesn’t look like the vulnerability was fixed, even after Moonpig was notified of the problem in August 2013. Price says that he was told Moonpig would “get right on” fixing the code, but that never happened.

The Register is reporting that up to 3 million customers may have had their personal information leaked as part of the security vulnerability. There’s no evidence that anyone has actually used the exploit to find the information of customers, but considering that the security flaw has been around since 2013, it’s certainly possible.

It looks like Moonpig has shut off its API, however, meaning that people can’t use it. Purchases have also been suspended through its iOS and Android apps.

In a statement to Business Insider, Moonpig claimed that some user information was still secure:

We are aware of the claims made this morning regarding the security of customer data within our Apps. We can assure our customers that all password and payment information is and has always been safe. The security of your shopping experience at Moonpig is extremely important to us and we are investigating the detail behind today’s report as a priority. As a precaution, our Apps will be unavailable for a time whilst we conduct these investigations and we will work to resume a normal service as soon as possible. The desktop and mobile websites are unaffected.

This article originally appeared in Business Insider. Copyright 2015.
