Unplugged Posted January 6, 2015 Share Posted January 6, 2015 This is blowing up all over twitter at the moment Took them about 2 hours to close the API. Link to comment Share on other sites More sharing options...
FiB3R Posted January 6, 2015 Share Posted January 6, 2015 Thanks for the info http://ifc0nfig.com/moonpig-vulnerability/ Aergan 1 Share Link to comment Share on other sites More sharing options...
Unplugged Posted January 6, 2015 Author Share Posted January 6, 2015 Woops yup forgot the important part Doing IT security right FiB3R 1 Share Link to comment Share on other sites More sharing options...
FiB3R Posted January 6, 2015 Share Posted January 6, 2015 A MESSAGE TO OUR CUSTOMERS: You may have seen reports this morning about our Apps and the security of customer details when shopping with Moonpig. We can assure our customers that all password and payment information is and has always been safe. The security of your shopping experience at Moonpig is extremely important to us and we are investigating the detail behind today Link to comment Share on other sites More sharing options...
Intersect Posted January 6, 2015 Share Posted January 6, 2015 mind blowing that something as basic as this should have been picked up in basic functional testing, moonpig do have a test team right? Link to comment Share on other sites More sharing options...
Aergan Posted January 6, 2015 Share Posted January 6, 2015 I love that the API returns a list of availible functions if you get your malformed request wrong - that's pretty special. +E.Worm Jimmy 1 Share Link to comment Share on other sites More sharing options...
n_K Posted January 6, 2015 Share Posted January 6, 2015 I used to know one the networking people at moonpig, he's incredibly stupid, knows nothing of security, and has his own personal website that's been hacked more times than I can remember. Does this surprise me? No. It surprises me it took this long. Unplugged 1 Share Link to comment Share on other sites More sharing options...
Recommended Posts