News Room

News from Wintercorn about Joomla!, WordPress and other tech subjects

Moonpig security hole still unpatched after 17 months

Unhappy PigMoonpig, the online personalised card company, has been accused of a shockingly sloppy attitude to security, after apparently leaving a serious hole in its security unpatched.  
 
The vulnerability, which was said to have been first reported to Moonpig back in August 2013 (yes, 2013) allows anyone with a modicum of programming knowledge to access the names, dates of birth, email and home addresses of the company’s 3.6 million customers.  
 
All that it takes is to change the Customer ID number sent in an API request. No authentication is required.
Read the full story at welivesecurity

Contact Us

Wintercorn Consulting Limited,

Rouen House, Rouen Road,

Norwich,

Norfolk, NR1 1RB

0800 228 9933