
Massive Moonpig Vulnerability

Discussion in 'White Hat Section' started by Ally Mac, Jan 6, 2015.

  1. Ally Mac

    Ally Mac -

    Joined:
    Nov 11, 2014
    Messages:
    449
    Likes Received:
    0
    Trophy Points:
    0
    Hasn't been fixed after 17 months so if you have used Moonpig I'd check your passwords and bank statements. Unknown if maliciously used.

    Full write up: http://www.ifc0nfig.com/moonpig-vulnerability/
     
  2. Lana

    Lana Forum Owner -

    Joined:
    Feb 24, 2012
    Messages:
    12,755
    Likes Received:
    334
    Trophy Points:
    83
    Damn that is pretty bad for a reputable company :/
     
  3. Ally Mac

    Ally Mac -

    Joined:
    Nov 11, 2014
    Messages:
    449
    Likes Received:
    0
    Trophy Points:
    0
    Yeah, I agree. Getting hacked is one thing but ignoring a vulnerability of this magnitude for 17 months is insane!
     
  4. Aura

    Aura -

    Joined:
    Jul 28, 2014
    Messages:
    317
    Likes Received:
    0
    Trophy Points:
    16
    He did the right thing. A vulnerability should be fixed within 90 days before full disclosure of it, and he gave them WAY more than that before publishing it.
     
  5. Sonex

    Sonex -

    Joined:
    Aug 18, 2009
    Messages:
    2,823
    Likes Received:
    8
    Trophy Points:
    38
    Very embarrassing for Moonpig, their security team will be shitting themselves
     
  6. Services

    Services Member

    Joined:
    Feb 8, 2015
    Messages:
    64
    Likes Received:
    0
    Trophy Points:
    6
    This is really interesting. Thanks for sharing this, and I do not mean I am going to use that vulnerability by saying that.
     
  7. Ally Mac

    Ally Mac -

    Joined:
    Nov 11, 2014
    Messages:
    449
    Likes Received:
    0
    Trophy Points:
    0
    It should be fixed by now anyway.
     
  8. blackhat

    blackhat -

    Joined:
    May 17, 2015
    Messages:
    12
    Likes Received:
    0
    Trophy Points:
    0
    What security team? If they had one, this wouldn't have happened.
     
  9. JfN

    JfN Well-Known Member

    Joined:
    Jan 18, 2012
    Messages:
    4,849
    Likes Received:
    28
    Trophy Points:
    48
    Not necessarily, but the time it took them to fix it is ridiculous.
     
