Press "Enter" to skip to content

Moonpig customer accounts ‘hacked’ as crooks steal hundreds of pounds worth of booze and gifts

DOZENS of unsuspecting Moonpig customers have had their accounts “hacked” – with fraudsters ordering booze, sweets and games for themselves.

The crooks seem to have accessed the accounts and used stored card details on customer accounts to go on an ordering spree over the last few weeks.

The Sun has seen scores of customers complaining on social media.

Shannon Baker from London wrote on Twitter that she had noticed a number of transactions which she had not made on her account.

Someone had ordered a giant jar of sweets and a Toblerone to an address in Manchester, for a total of £28, while a £22 bunch of flowers and a Monopoly game costing £30 had been ordered to an address in Birmingham.

“This is absolutely shocking!” Ms Baker tweeted.

“So many fraudulent orders trying to be placed on my account.

“Please make sure you update your passwords regularly and be careful storing bank details on accounts, in case something like this happens.

“I thought my password was fine, but clearly not!”

Other users shared similar experiences.

Emma Barrington from Scarborough posted on Facebook that someone had ordered a £60 Cartwright & Butler beer and treats hamper to be delivered to an address in Nottingham.

“Luckily my bank have sorted it, they informed me that Moonpig accounts are regularly hacked so security can’t be very sufficient? Lesson learned!

“I used this site fairly regularly so had my card details stored – won’t be doing that again!”

Another Twitter user, who uses only the name Jacob, said someone had ordered a £19 fairy garden kit using his account.

Despite the problems, a spokesperson from Moonpig said the site remained safe to use.

A spokesperson said: “During the last month we’ve seen an increase in ‘credential stuffing’ attempts on our site.

“This is an activity where criminals use login credentials (username and password combinations) stolen from other websites to try to log in to individual customer accounts. 

“Unfortunately, in some cases, the fraudsters did manage to gain access to some accounts.

“Where payment card details were saved with our payment provider, they also managed to place some fraudulent orders.”

Moonpig had worked quickly to resolve the issues, the spokesperson added, and all customers who had been hacked had received a full refund.

All customers affected have now been identified, the company said, and it is working with the police to identify the hackers.

“It’s also important to note that since we do not store card details within our system (they are stored via our payment provider), no card details of our customers have been exposed or accessed,” she added.

Moonpig said that customers could protect themselves by using strong, unique passwords which aren’t used anywhere else online.

A number of companies have been hit by data breaches in the last few months, including Virgin Media which in March warned customers to change their passwords after a breach.

And in May, nine million EasyJet customers had their details stolen.

Here’s how to protect yourself from Bitcoin scammers after celebs on Twitter were hacked.

Be First to Comment

Leave a Reply

Your email address will not be published. Required fields are marked *