Gifts Today magazine

Moonpig goes out of orbit

Online card specialists Moonpig act after fears bug exposes customers’ details

Moonpig has suspended its mobile apps after it was claimed a security bug had exposed the personal details of their three million customers.

Sky News are among those reporting developer Paul Price’s blog claim that a flaw in the greetings card website’s security settings means other users could gain access to credit card details and personal information as well as place orders from other people’s accounts.

The apps were taken out of commission on Monday and were still down this morning, but Price claims to have discovered the problem almost 18 months ago and that the company promised to “get right on it” when he told them about it.

He wrote: “I've seen some half-a**** security measures in my time but this just takes the biscuit. Whoever architected this system needs to be shot, waterboarded.”
In a statement Moonpig said: “You may have seen reports about our apps and the security of customer details when shopping with Moonpig. We can assure our customers that all password and payment information is and has always been safe.

“The security of your shopping experience at Moonpig is extremely important to us and we are investigating the detail behind today's report as a priority.

“As a precaution, our apps will be unavailable for a time while we conduct these investigations and we will work to resume a normal service as soon as possible.
“The desktop and mobile websites are unaffected.”

Social Links