
Moonpig API Exposes Customer Info

Posted 6 Jan 2015

Security researcher Paul Price discovered a flaw in the API used by UK greeting card company Moonpig. The API does not require authentication and exposes customer account details. He notified the company of his findings in August 2013. After 17 months, Price publicly disclosed the vulnerability.

Moonpig tweeted that customer passwords and payment information have always been secure; however, customers quickly noticed that the company did not mention other personal account details. In the meantime, Moonpig has disabled its apps and posted a brief message to its customers.
