Massive Moonpig Vulnerability

Moonpig are one of the most well known companies that sell personalised greeting cards in the UK. In 2007 they had a 90% market share and shipped nearly 6 million cards. In July 2011 they were bought by PhotoBox.

Although there's been no official comment from Moonpig it seems they have taken the API offline around 3 hours after this post was published.
I've seen some half-arsed security measures in my time but this just takes the biscuit. Whoever architected this system needs to be shot waterboarded.
Hasn't been fixed after 17 months so if you have used Moonpig I'd check your passwords and bank statements. Unknown if maliciously used.

Full write up:
He did the right thing. A vulnerability should be fixed within 90 days before full disclosure of it, and he gave them WAY more than that before publishing it.