Vulnerabilities found in Monsoon Accessorize servers
Monsoon Accessorize stands accused of having a critical vulnerability, giving unauthorised access to internal company servers and customer data.
According to a report from cybersecurity research firm, VPNpro, the UK retailer has been using unpatched Pulse Connect Secure VPN servers. The biggest risk here is that hackers can lock down the servers with ransomware, similar to what happened with Travelex.
VPNpro researchers say that they were able to gain access to such internal files as customer information, sensitive business documents, and sales and revenue numbers.
The company claims to have made multiple attempts to contact Monsoon Accessorize with no reply. It adds that the vulnerability remains for both consumers and partners.
The retailer also didn’t respond to our request for comment.
Check out the full report here.
UPDATE: Monsoon has fixed the issue and VPNpro has confirmed that the servers are no longer vulnerable.