Moonpig has confirmed it's "investigating" a vulnerability in its code which means personal details of three million customers may have been exposed for almost a year and a half.
The company said many of its apps would be "unavailable for a time" while it looked into a blog posted yesterday warning that hackers could easily access details, including credit card info and past orders - as well as allowing them to place new ones.
The fiercely critical blog was posted by developer Paul Price, who said he had originally warned Photobox, which owns Moonpig, back in August 2013. After 18 months of no action from Moonpig, he decided to go public. Here's a sample from his scathing blog:
I've seen some half-arsed security messures in my time but this just takes the biscuit. Whoever architected this system needs to be
We are aware of the claims made this morning regarding the security of customer data within our apps. We can assure our customers that all password and payment information is and has always been safe. The security of your shopping experience at Moonpig is extremely important to us and we are investigating the detail behind today’s report as a priority. As a precaution, our apps will be unavailable for a time while we conduct these investigations and we will work to resume a normal service as soon as possible. The desktop and mobile websites are unaffected.