Be Excellent To Each Other

And, you know, party on. Dude.

All times are UTC [ DST ]




Reply to topic  [ 7 posts ] 
Author Message
 Post subject: Moonpig vulnerability
PostPosted: Tue Jan 06, 2015 12:02 
User avatar
ugvm'er at heart...

Joined: 4th Mar, 2010
Posts: 22391
http://www.ifc0nfig.com/moonpig-vulnerability/

Have you got a moonpig account? Did you know that for the past year they have known about a serious problem with their API and have done nothing about it?

If you don't want to read the page, i'll give you a TL:DR. You can get full details of any customer with no authentication. Name, address, Credit card details, etc... Don't worry though, they only give out the last 4 digits of your credit card, so that's nice.


Top
 Profile  
 
 Post subject: Re: Moonpig vulnerability
PostPosted: Tue Jan 06, 2015 12:12 
User avatar
UltraMod

Joined: 27th Mar, 2008
Posts: 55719
Location: California
Yes, I've already requested they delete my account and all my personal information.

_________________
I am currently under construction.
Thank you for your patience.


Image


Top
 Profile  
 
 Post subject: Re: Moonpig vulnerability
PostPosted: Tue Jan 06, 2015 15:39 
User avatar
a creature of fathomless grace

Joined: 1st Jul, 2012
Posts: 1609
!! Not cool! *goes off to delete account*

_________________
81 sleeps


Top
 Profile  
 
 Post subject: Re: Moonpig vulnerability
PostPosted: Tue Jan 06, 2015 16:01 
User avatar
Unpossible!

Joined: 27th Jun, 2008
Posts: 38653
My account has been deleted, despite the crawling message telling me that all is fine.


Top
 Profile  
 
 Post subject: Re: Moonpig vulnerability
PostPosted: Wed Jan 07, 2015 11:23 
User avatar
Terrible Human Being

Joined: 18th Jul, 2010
Posts: 330
Location: Southport, UK
Their response was terrible, "Your data is safe!!!!!!" despite long and detailed post explaining for the last year that it wasn't.


Top
 Profile  
 
 Post subject: Re: Moonpig vulnerability
PostPosted: Wed Jan 07, 2015 11:47 
SupaMod
User avatar
Commander-in-Cheese

Joined: 30th Mar, 2008
Posts: 49244
Well they blocked the API in question, so technically your data is safe, though it's spent the last 18 months not being safe.

_________________
GoddessJasmine wrote:
Drunk, pulled Craster's pork, waiting for brdyime story,reading nuts. Xz


Top
 Profile  
 
 Post subject: Re: Moonpig vulnerability
PostPosted: Wed Jan 07, 2015 11:47 
SupaMod
User avatar
Commander-in-Cheese

Joined: 30th Mar, 2008
Posts: 49244
Still, good stable door locking, folks ;)

_________________
GoddessJasmine wrote:
Drunk, pulled Craster's pork, waiting for brdyime story,reading nuts. Xz


Top
 Profile  
 
Display posts from previous:  Sort by  
Reply to topic  [ 7 posts ] 

All times are UTC [ DST ]


Who is online

Users browsing this forum: Columbo, Majestic-12 [Bot] and 0 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search within this thread:
cron
You are using the 'Ted' forum. Bill doesn't really exist any more. Bogus!
Want to help out with the hosting / advertising costs? That's very nice of you.
Are you on a mobile phone? Try http://beex.co.uk/m/
RIP, Owen. RIP, MrC. RIP, Dimmers.

Powered by a very Grim... version of phpBB © 2000, 2002, 2005, 2007 phpBB Group.