Moonpig has warned customers that some of their email addresses, passwords, and account balances have been published after what it calls a “security issue”.
The company, which sells custom greeting cards, said in a message to users that attackers were not able to get any credit card information, as Moonpig does not store that data. However, the incident prompted Moonpig to reset the passwords for all of the affected users and the company said that it thinks the incident was the result of data being stolen from a third party and not directly from Moonpig.
“Late on Friday, 24 July, we became aware of a security issue whereby a number of Moonpig customer email addresses, account balance and passwords had been illegally published. As a precautionary measure, we promptly closed our Moonpig site and apps to help us investigate and contain this issue,” the company said in a statement.
“Following these investigations, we now have strong evidence that the customer email addresses and passwords we identified were taken previously from other third party websites, and not directly from Moonpig.com. This data was then used to access the account balances of some of our Moonpig.com customers.”