Severe Moonpig vulnerability puts customer details in the open
A simple, but catastrophic flaw in Moonpig.com security has been discovered and puts ALL customer information, including credit cards, at risk. If you're a customer, even changing your password won't resolve the problem as the data is available via an open API that requires no authentication.
Moonpig have been aware of this issue since AUGUST 2013 and it has been highlighted in a blog post here.
Right now, the only solution is for Moonpig to resolve the issue immediately however given the severity and ease of exploitation of the flaw, customer information should already be considered compromised.
Last updated: 19/02/2018 14:00:58