Personalised card company Moonpig has disabled its mobile app “as a precaution” over claims the firm’s online security is “vulnerable”.
The website, which lets customers purchase specially customised greetings cards, pulled its iOS and Android apps after security expert Paul Price published details of the site’s vulnerability.
As a result of the site’s poor security measures, Moonpig was wide open to attacks designed to capture customer names, addresses, email addresses and card details, according to Price.
The company insists “password and payments information is and has always been safe” but says it is investigating the claims.
In its official statement, Moonpig said: “We are aware of the claims made this morning regarding the security of customer data within our apps. We can assure our customers that all password and payment information is and has always been safe. The security of your shopping experience at Moonpig is extremely important to us and we are investigating the detail behind today’s report as a priority.
“As a precaution, our apps will be unavailable for a time whilst we conduct these investigations and we will work to resume a normal service as soon as possible. The desktop and mobile websites are unaffected.”
Paul Price claims he first alerted Moonpig to the issues back in August 2013. He says the “vulnerability still exists” despite “ample” time for a fix.
“Given the timeframes I’ve decided to publish this post to force Moonpig to fix the issue and protect the privacy of their customers,” he said. “Seventeen months is more than enough time to fix an issue like this. It appears customer privacy is not a priority to Moonpig.”
The firm addressed customer concerns on Twitter.
We are aware of claims re customer data and can confirm that all password and payment information is and has always been safe.
— Moonpig (@MoonpigUK) January 6, 2015
Parent company Photobox is currently recruiting for an Android developer for Moonpig. The business allows customers to create and personalise greetings cards online, which are then printed and posted.
It was launched in 2000 before being bought by Photobox in 2011. According to the company website, it has more than 3.6m active customers in the UK, Australia and USA and has sent more than 60m cards across the globe.