Moonpig Security – SMEs take note

It's been talked about to no end in the last week: Moonpig's security vulnerabilities and its breach of potentially millions of customers' data. Its API flaws really could cost the company its business. Not only is this a cause for concern for the millions of Moonpig customers, it should also be a warning sign for SMEs who use web services and web applications, and even more so for those whose businesses run off web services and applications that may have been built by internal/external development teams.

It would be unfair to expect your average developer or software development agency to understand the security industry and how these aspects affect software builds, business processes and data security. 

As a computer security consultancy with a software development team, we work alongside SMEs and PLCs in the UK, including DNA testing, cancer research, SaaS organisations and so on, to identify and protect their networks and applications and to develop more secure systems and business processes.

Over the festive period we were able to identify a number of small/medium-sized local businesses, some with multi-million-pound turnover, with vulnerable systems, APIs and business applications created by small development agencies with no security knowledge, which could lead to a breach similar in style to Moonpig's recent event.

With our software development and ecommerce projects, we can utilise this knowledge to our advantage. Being able to apply these measures to every piece of software we build is something truly unique in our industry, be it a CRM, CMS, invoicing, resource tracking, inventory management or ecommerce platform.

Since the Moonpig iPhone application / API vulnerability issue surfaced, we have already been asked to review applications in our region, of which we have already identified one with similar problems to those of Moonpig. So if nothing else, if you have a business application, whether mobile, web or desktop, ask your developers to take a look or contact a computer security expert to review the application.