Monsoon Accessorize has been accused of using servers with “critical” vulnerabilities potentially allowing hackers to see users’ details and passwords.
According to new research from VPNpro the fashion retailer is using unpatched Pulse Connect Secure VPN servers, presenting a serious threat to both the company and its clients.
To demonstrate the weakness in its system, VPNpro’s researchers attacked the systems vulnerability and were able to access Monsoon’s internal files.
READ MORE: Former Monsoon tech director joins OneStock
This included everything from employees’ usernames, unique IDs and passwords, administrator details, daily sales data, meeting minutes.
It also found 45,000 customers’ names, emails, countries and around 650,000 reward card and voucher numbers.
Monsoon has reportedly been contacted numerous times via multiple channels from May 28 to June 10 regarding the flaw in its system, but has not yet responded to VPNpro.
VPNpro says that there is not much customers can do to protect their data as the vulnerability and fix rests entirely in their hands.