Booze and gifts sent to criminals through hacked Moonpig accounts
By Matt Hall | 13th August 2020
Customers of the online card and gift retailer Moonpig are reporting that their accounts have been hacked and hundreds of pounds' worth of gifts sent to random addresses.
More than a dozen customers have taken to social media to report the fraudulent activity, which has been taking place over the last few months.
One user wrote: "Someone hacked my Moonpig acc and has made a purchase for £74 which is in pending transactions on my account."
Another added: "My Moonpig account was hacked yesterday and caused me A LOT of stress making sure the orders were cancelled so £100 worth of stuff didn't get sent out."
The business released a statement regarding the breach to The Mirror, which first revealed the incident. Moonpig said: "We'd like to confirm that the Moonpig website has not been hacked and it remains safe for everyone to use.
"During the last month we've seen an increase in 'credential stuffing' attempts on our site. This is an activity where criminals use login credentials (username and password combinations) stolen from other websites to try to log in to individual customer accounts.
"Unfortunately, in some cases, the fraudsters did manage to gain access to some accounts. Where payment card details were saved with our payment provider, they also managed to place some fraudulent orders.
"But please be reassured that all impacted customers have been identified and the fraudulent orders have been cancelled and refunded. It's also important to note that since we do not store card details within our system (they are stored via our payment provider), no card details of our customers have been exposed or accessed.
"The security of our customers is our first and foremost priority and we encourage everyone to use a strong, unique password for their account as it's one of the best protections against fraudsters like this. If the login details are not used anywhere else online, then the fraudsters won't be able to access the account with stolen credentials."
Copyright 2020 Moose Partnership Ltd. All rights reserved. Reproduction of any content is strictly forbidden without prior permission.