A researcher has called out U.K.-based greeting card vendor Moonpig for a 17-month-old vulnerability that puts customer and payment card data at risk. Paul Price said he reported the issue to the company on Aug. 18, 2013, 17 months ago. The company this morning told Threatpost that its apps will be unavailable while it investigates the issue. The vendor said it can assure its customers that all password and payment information is and has always been safe.Moonpig did not provide a timeline for getting its apps online and said its desktop and mobile sites were unaffected.
Source: https://threatpost.com/moonpig-api-vulnerability-exposes-payment-card-data/110220/