
Massive Moonpig Vulnerability

Moonpig are one of the most well known companies that sell personalised greeting cards in the UK. In 2007 they had a 90% market share and shipped nearly 6 million cards. In July 2011 they were bought by PhotoBox.

Although there's been no official comment from Moonpig it seems they have taken the API offline around 3 hours after this post was published.
I've seen some half-arsed security measures in my time but this just takes the biscuit. Whoever architected this system needs to be shot waterboarded.
Hasn't been fixed after 17 months so if you have used Moonpig I'd check your passwords and bank statements. Unknown if maliciously used.

Full write up: http://www.ifc0nfig.com/moonpig-vulnerability/

He did the right thing. A vulnerability should be fixed within 90 days before full disclosure of it, and he gave them WAY more than that before publishing it.