Did you order online greeting cards this holiday season? If you used U.K.-based Moonpig, then your personal information could have been put at risk. That's because a serious security flaw in the Moonpig app for Android and Apple gadgets has made it easy for anyone to access your account.
A developer named David Price found that the app didn't actually verify customer IDs or passwords during the login process, leaving the accounts of 3 million customers open to hackers. That's pretty scary stuff.
This would allow potential hackers to place orders on a customer's account, retrieve portions of that customer's credit card details and obtain other personal information from the account.
The scariest thing is that Moonpig has allegedly known about the app's security problems for some time, because Price told the company about them long ago.
Price says he first contacted Moonpig about the login flaw in August of 2013 - that's more than a year ago! He even contacted the company after that to check on the progress. But the problem stuck around.
The problem centered on a flaw in the way the app sent and received information from Moonpig's servers.
Price found that, rather than sending information protected by a username and password, the app tended to send static credentials that read '*redacted*:*redacted*'.
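To show why a static credential is not a login, here is an added example (not Moonpig's code and not taken from Price's report) that puts the flawed pattern next to a server-side check that ties each request to the customer who actually signed in. Every name, customer ID and password in it is constructed for illustration, and a production token would also need an expiry and a way to revoke it.

```python
import hashlib
import hmac
import secrets

STATIC_APP_CREDENTIAL = "app:shared-secret"  # constructed; identical in every install
SERVER_KEY = secrets.token_bytes(32)         # signing key that never leaves the server

def _pw_hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def _record(name: str, password: str) -> dict:
    salt = secrets.token_bytes(16)
    return {"name": name, "salt": salt, "pw": _pw_hash(password, salt)}

# Constructed customer records keyed by customer ID (hypothetical data).
CUSTOMERS = {
    "1001": _record("Alice", "alice-pass"),
    "1002": _record("Bob", "bob-pass"),
}

def get_account_weak(app_credential: str, customer_id: str):
    """Flawed pattern: the shared credential only proves that some copy of the app is calling."""
    if app_credential != STATIC_APP_CREDENTIAL:
        return None
    return CUSTOMERS.get(customer_id)  # the caller-supplied ID is trusted as-is

def _sign(customer_id: str) -> str:
    return hmac.new(SERVER_KEY, customer_id.encode(), hashlib.sha256).hexdigest()

def login(customer_id: str, password: str):
    """Verify the password, then issue a token bound to this customer ID."""
    record = CUSTOMERS.get(customer_id)
    if record is None:
        return None
    if not hmac.compare_digest(record["pw"], _pw_hash(password, record["salt"])):
        return None
    return f"{customer_id}.{_sign(customer_id)}"

def get_account_hardened(token: str, customer_id: str):
    """Serve a record only when the token was issued for that same customer."""
    token_id, _, tag = (token or "").partition(".")
    if not hmac.compare_digest(tag.encode(), _sign(token_id).encode()):
        return None  # forged or corrupted token
    if token_id != customer_id:
        return None  # valid token, but for a different account
    return CUSTOMERS.get(customer_id)
```
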
Moonpig has said it's going to remove the app from the Apple app store while it fixes the bugs, but it's still there. The company has disabled ordering through the app for the time being.