Careful wording

  • security

Moonpig, an online greetings card company suffered a security vulnerability. While the vulnerability was serious, far worse was the company’s deliberately misleading statement in response to the disclosure:

We are aware of claims re customer data and can confirm that all password and payment information is and has always been safe.

— Moonpig (@MoonpigUK) January 6, 2015

Indeed this tiny subset of information was “safe”. What was leaked was all other personal information held by Moonpig about every customer. Much worse than a password or a credit card that can be easily changed. That the company issues a statement like this indicates how little they care about their customers.

And obviously the fact that the company knew about the problem for 17 months and did nothing.

← Older
Slate
→ Newer
One to Watch's film querying at risk