
Moonpig API Exposes Customer Info

Posted 6 Jan 2015

Security researcher Paul Price discovered a flaw in the API used by UK greeting card company Moonpig. Their API does not require authentication and exposes customer account details. He notified them of his findings in August 2013. After 17 months, Price publicly disclosed the vulnerability.

Moonpig tweeted that customer passwords and payment information have always been secure; however, customers quickly noticed that the company did not mention other personal account details. In the meantime, Moonpig has disabled their apps and posted a brief message to their customers.
