Online personalised cards retailer Moonpig has this week reacted to claims it put customers' personal details at risk due to a flaw in its website security.

The company has announced on its website that shoppers' password and payment information "is and has always been safe", but independent developer Paul Price claimed in his blog that a lack of authentication on the website meant people could pose as other members, access their personal details and place orders in their stead.

As a "precaution", Moonpig's apps have been disabled while an internal investigation ensues, although the company's desktop and mobile websites are apparently unaffected.

"The security of your shopping experience at Moonpig is extremely important to us and we are investigating the detail behind today's report as a priority," said an official statement from the retailer.

"As a precaution, our apps will be unavailable for a time whilst we conduct these investigations and we will work to resume a normal service as soon as possible."

Price said that he informed Moonpig of the security issues over a year ago, in August 2013, but he opted to publically disclose what he views as a serious flaw in order to prompt action by the retailer and to protect consumers' details.

It would appear the reported vulnerability has not so far been used to steal personal information from Moonpig customers.

David Emm, principal security researcher at Kaspersky Lab, commented: "It's important that companies take information about a vulnerability in their products very seriously.

"After discovering a bug, researchers typically try to contact the company first and give them time to fix the issue before going public with their findings. If this vulnerability is confirmed, and it's true that Moonpig has previously failed to take any action to protect their customers for almost a year and a half, this is alarming – especially for a provider of an online shopping application used to transmit highly sensitive data.

"In recent years a number of companies have been willing to publicly acknowledge such issues and take steps to remedy the situation and offer advice to customers."

Click below for more information:

Kaspersky Lab