Card Company Moonpig Hacked: Password Breach Results in Loss of Customer Data and Privacy
Personalized card company Moonpig has ceased access and blocked a number of customer accounts after a breach wherein the stolen details were published online. The company has also released a statement.
Moonpig, a personalized online card company has immediately suspended and blocked a number of customer accounts after details including email addresses, account balance, and passwords were made public. The company has also started corresponding to its subscribed users to inform them of the breach.
“Late on Friday, 24 July, we became aware of a security issue whereby a number of Moonpig customer email addresses, account balance, and passwords had been illegally published. As a precautionary measure, we promptly closed our Moonpig site and apps to help us investigate and contain this issue,” the company said.
The company explained that it was aware of the breach after the confidential information went public, it said in an advisory posted on its website. Moonpig insisted that it does not hold or store credit card numbers and was quick to stress that the information was likely obtained from other websites wherein users made the cardinal mistake of using identical passwords.
The statement continues:
As a precautionary measure, we promptly closed our Moonpig site and apps to help us investigate and contain this issue.
Following these investigations, we now have strong evidence that the customer email addresses and passwords we identified were taken previously from other third party websites, and not directly from Moonpig.com. This data was then used to access the account balances of some of our Moonpig.com customers. As a reminder, we do not store full credit card information ourselves so this data was not accessible in any event.
The card company added that it had informed customers to not reuse the same passwords anywhere else on the internet. Moonpig also recommends that passwords be changed on its own website immediately. This is particularly good advice, with the company urging that the same password never be used for multiple sites.
Image from Moonpig website and Shutterstock.