Vulnerabilities found in Monsoon Accessorize servers

Monsoon Accessorize stands accused of having a critical vulnerability, giving unauthorised access to internal company servers and customer data. 

According to a report from cybersecurity research firm, VPNpro, the UK retailer has been using unpatched Pulse Connect Secure VPN servers. The biggest risk here is that hackers can lock down the servers with ransomware, similar to what happened with Travelex.

VPNpro researchers say that they were able to gain access to such internal files as customer information, sensitive business documents, and sales and revenue numbers.

The company claims to have made multiple attempts to contact Monsoon Accessorize with no reply. It adds that the vulnerability remains for both consumers and partners.

The retailer also didn’t respond to our request for comment.

Check out the full report here.

UPDATE: Monsoon has fixed the issue and VPNpro has confirmed that the servers are no longer vulnerable.

Sign up for our free retail technology newsletter here.

Featured
2024 RTIH Innovation Awards
Mar 4
2024 RTIH Innovation Awards
Re:Tech Disrupt 2024
May 21
Re:Tech Disrupt 2024
Shoptalk Europe 2024
Jun 3
Shoptalk Europe 2024
Paris Retail Week 2024
Sep 17
Paris Retail Week 2024
eTail Nordic 2024
Nov 5
eTail Nordic 2024
NRF 2025
Jan 12
NRF 2025
Smart Retail Tech Expo 2025
Feb 25
Smart Retail Tech Expo 2025
Retail Technology Show 2025
Apr 2
Retail Technology Show 2025
Cyber securityStaff WriterMonsoon Accessorize, VPNpro, Cybersecurity, Cybercrime, HackersComment