by d23 4182 days ago
You're getting mad at the wrong person here, full stop. This is gross, inexcusable negligence and incompetence. I'm surprised this guy didn't wait more than a few months, given the severity of this problem.

> whilst protecting customer data from any opportunistic bad actor

Riiiight. Do you honestly think something this basic wouldn't be discovered by criminals soon, if not already?

2 comments

> You're getting mad at the wrong person here, full stop.

No I'm not. I'm not angry. I realise this is the fault of Moonpig.

> This is gross, inexcusable negligence and incompetence. I'm surprised this guy didn't wait more than a few months, given the severity of this problem.

I agree

> Riiiight. Do you honestly think something this basic wouldn't be discovered by criminals soon, if not already?

We don't know if anyone has already used this. We don't know if anyone ever knew about this. But now we know everyone knows about it. To be honest, I would not be surprised if someone may have already used this for nefarious purposes but at this point in time there doesn't seem to be a public dump of data for low-skilled hackers to continue using for years to come.

I still think this should not have been publicly disclosed in this manner. He did not contact the ICO and he left this exploit open for a year because he didn't know the mature way to handle this.

You do know that this is the first time a lot of people that do not live in the UK are hearing of the ICO.

I would say that the period August 2013 to January 2015 is more than "a few months".

My wording was crappy there. I meant I'm surprised he didn't wait just a few months. As in, I'm surprised he didn't get impatient and do this earlier.