Online greeting card company Moonpig admitted earlier this week that it had suffered another security breach, which led to user details being published online.
The UK-based firm began contacting subscribers about the breach on Wednesday.
Some customer passwords had been disabled and would need to be reset:
Moonpig does not store credit card information itself, so the damage from this attack is limited. That said, this is the second time the service has been hit this year; back in January, a flaw in the service's mobile app-enabled anyone to access a user's account without a password or username, so long as they entered a valid customer ID. This second breach highlights the lack of Host Intrusion Detection Security Controls.
You can read the full article on SC Magazine UK here