
Moonpig Suspends Services Due to Code Security Problems

  • January 8, 2015
  • By Developer.com Staff

Greeting card maker Moonpig has shut down its API and mobile apps in response to an alleged security vulnerability in its API. Paul Price, a third-party developer who used the company's API, reported that the API would allow developers to obtain personal information for Moonpig's customers. "There’s no authentication at all and you can pass in any customer ID to impersonate them," Price explained in his blog. He said that he originally told the company about the problem 17 months ago but the firm did not take any action until he went public with the information.

Experts say the incident shows the potential security risks related to APIs, which are used widely throughout the mobile development industry. "Unlike with traditional web applications, much of what goes on beneath the glossy facade of an app is hidden from the user—but with the right tools and the right knowledge, it can be trivial to identify and exploit any vulnerabilities that might affect it," said Paul Mutton, a security researcher at Netcraft.

Moonpig had more than 10 million users as of February 2014.
