Personal details, including credit card information, of the mobile customers of greetings card company Moonpig have been exposed to hackers for over a year, a developer has claimed.
A security flaw in the company's app – which lets people design and send custom cards and gifts – enables hackers to intercept personal information sent by users to Moonpig's main servers, according to a blog post by Paul Price, who describes himself as a developer on his website. Cybercriminals could even place a product order through another user's account, he claimed.
Moonpig, which is owned by UK-based Photobox, said customers' information was not at risk, but it had closed down the app and was investigating the claims.
"We can assure our customers that all password and payment information is and has always been safe," the company said in a statement.