It's been talked about to no end in the last week: the Moonpig security vulnerabilities and its breach of potentially millions of customers' data. Its API flaws really could cost the company its business. This is not only a cause for concern for the millions of Moonpig customers; it should also be a warning sign for SMEs who use web services and web applications, and even more so for those whose businesses run off web services and applications that may have been built by internal or external development teams.
We work alongside SMEs and PLCs in the UK, including DNA testing, cancer research, SaaS organisations and so on, to identify and protect their networks, infrastructure and applications, and to develop more secure systems and business processes.
Over the festive period we were able to identify a number of small and medium-sized businesses, some with multi-million-pound turnover, with vulnerable systems, APIs and business applications created by local development agencies with no security knowledge, which could lead to a breach similar in style to Moonpig's recent event.
Since the Moonpig iPhone application / API vulnerability surfaced, we have already reviewed applications and interfaces for many corporate clients as part of a larger project scope, and in those we have already identified patterns similar to Moonpig's.
So if nothing else: if you have a business application, whether mobile, web or desktop, ask your developers to take a look, or contact a computer security expert to review the application.