Monsoon Accessorize accused of having “critical” security vulnerabilities


Monsoon Accessorize has been accused of using servers with “critical” vulnerabilities potentially allowing hackers to see users’ details and passwords.

According to new research from VPNpro the fashion retailer is using unpatched Pulse Connect Secure VPN servers, presenting a serious threat to both the company and its clients.

To demonstrate the weakness in its system, VPNpro’s researchers attacked the systems vulnerability and were able to access Monsoon’s internal files.

READ MORE: Former Monsoon tech director joins OneStock

This included everything from employees’ usernames, unique IDs and passwords, administrator details, daily sales data, meeting minutes.

It also found 45,000 customers’ names, emails, countries and around 650,000 reward card and voucher numbers.

Monsoon has reportedly been contacted numerous times via multiple channels from May 28 to June 10 regarding the flaw in its system, but has not yet responded to VPNpro.

VPNpro says that there is not much customers can do to protect their data as the vulnerability and fix rests entirely in their hands.

Click here to sign up to Charged free daily email newsletter



Leave a Reply

Your email address will not be published. Required fields are marked *

Fill out this field
Fill out this field
Please enter a valid email address.