The online personalized card company, Moonpig, has blocked an unspecified number of accounts of customers after users’ details were published online.
According to the company’s website, customers’ email addresses, passwords and account balance had been made public. However, they stress that the source of passwords was not their site, but from other online sites where users use similar passwords.
“As a precautionary measure, we promptly closed our Moonpig site and apps to help us investigate and contain this issue. Following these investigations, we now have strong evidence that the customer email addresses and passwords we identified were taken previously from other third party websites, and not directly from Moonpig.com.”
“This data was then used to access the account balances of some of our Moonpig.com customers. As a reminder, we do not store full credit card information ourselves so this data was not accessible in any event.”
Moonpig has contacted affected customers, and advised them to reset their passwords and ensure that they are not reusing the same passwords anywhere else on the net