Moonpig.com has still not been Secured
The serious vulnerability in the UK Police National Property Register website, Immobilise, is highly embarrassing, to say the least. The Immobilise website allows members of the British public to list valuables kept within their homes. It had a web application vulnerability similar to that of the Moonpig website: by changing the ID number in the website URL, an attacker could gain access to other people's records. This was possible due to the lack of a user authentication check in the website code. The Immobilise website data includes a name and address along with a list of valuables and an estimated value for each item. This just happens to be the perfect information for any would-be burglar, hence the high embarrassment. Over 4 million records were placed at risk by this basic web application coding vulnerability. Recipero, the provider of the Immobilise website, acted quickly to resolve the vulnerability. However, the presence of this kind of vulnerability suggests that the website was not properly penetration tested, or that it was tested and either a poor testing job was done or the vulnerability was previously detected but not fixed.
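The missing check described above, shown as a minimal added example beside its fix, with a regression check a tester could run against either handler. This is not code from the Immobilise or Moonpig sites; the record store, user names and function names are constructed for illustration.

```python
# Constructed sample data: record id -> owner and contents (not real site data).
RECORDS = {
    1001: {"owner": "alice", "items": [("bicycle", 450)]},
    1002: {"owner": "bob", "items": [("laptop", 900)]},
    1003: {"owner": "carol", "items": [("camera", 600)]},
}


class NotFound(Exception):
    """Raised for both missing and foreign records, so ids cannot be probed."""


def get_record_vulnerable(session_user, record_id):
    # Flaw: the id taken from the URL is trusted as-is, and the logged-in
    # user is never compared with the record's owner.
    record = RECORDS.get(record_id)
    if record is None:
        raise NotFound(record_id)
    return record


def get_record_hardened(session_user, record_id):
    # Fix: every lookup is scoped to the user bound to the server-side session.
    record = RECORDS.get(record_id)
    if record is None or record["owner"] != session_user:
        raise NotFound(record_id)
    return record


def foreign_records_readable(handler, session_user):
    """Regression check: ids this user can read but does not own."""
    leaked = []
    for record_id, record in RECORDS.items():
        try:
            handler(session_user, record_id)
        except NotFound:
            continue
        if record["owner"] != session_user:
            leaked.append(record_id)
    return sorted(leaked)


if __name__ == "__main__":
    print("vulnerable:", foreign_records_readable(get_record_vulnerable, "alice"))
    print("hardened:  ", foreign_records_readable(get_record_hardened, "alice"))
```

A check like foreign_records_readable belongs in the site's automated test suite, so that a handler added later without the ownership comparison fails the build rather than reaching production.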
The Moral of these Website Vulnerabilities