Moonpig app security alert
GREETINGS card website Moonpig has suspended its mobile apps following a claim a security bug has exposed personal details of its customers.
Developer Paul Price posted an entry on his blog yesterday claiming a security flaw meant that anyone could pose as another user – gaining access to a portion of their credit card details and personal information as well as being able to make orders from their account.
Mr Price discovered the problem in August 2013 and told Moonpig, but despite the company saying it would “get right on it”, the glitch was still in place yesterday.
Moonpig has assured customers that “all password and payment information is and has always been safe”, but said it had made its apps unavailable while it conducted investigations.
Mr Price posted: “I’ve seen some half-arsed security measures in my time but this just takes the biscuit.
“Whoever architected this system needs to be shot… waterboarded.”