Moonpig Hacker Escapes Jail Term

Written by

A 22-year-old UK hacker whose cyber-attack on greetings card giant Moonpig is said to have cost the firm £150,000 has escaped with a suspended jail sentence and a fine of just £200.

Anthony Luke Fulton, of Cleator Moor in Cumbria, was ordered to pay £100 in compensation to the firm and a £100 ‘victim surcharge’ as well as complete 100 hours’ unpaid work, after being handed down a 16-month prison sentence, suspended for two years.

Fulton had already admitted at an earlier magistrate’s hearing to three charges of causing a computer to “perform a function with intent to enable or secure unauthorized access,” according to local reports.

Over a four-day period in July 2015 he’s said to have managed to access the records of around 18,000 customers.

The intrusion apparently forced the firm to suspend its site in the US, UK and Australia while an investigation was carried out, leading to a significant amount of lost sales.

In the end, he's said to have been traced via an IP address which led investigators to Fulton's girlfriend's home.

On 26 July Moonpig was forced to issue a statement revealing that customer email addresses, account balance and passwords had been “illegally published.”

However, it claimed that said data was actually obtained from third party sites.

“This data was then used to access the account balances of some of our Moonpig.com customers,” it added. “As a reminder, we do not store full credit card information ourselves so this data was not accessible in any event.”

Sentencing Fulton at Carlisle Crown Court on Wednesday, judge Barbara Forrester apparently claimed: "I am limited in that I can't order any more [compensation] much as I would like to."

She has, however, ordered that his computer be modified so that Fulton can’t use privacy settings in his browser to hide his activity, or delete his web history.

Some will argue that Fulton’s sentence doesn’t fit the crime, given the amount Moonpig lost due to the incident.

However, this is not the first time the firm’s IT security posture has been called into question.

In January last year Moonpig was widely criticized by security experts after it emerged the firm had failed to fix a vulnerability for over 16 months which could allow hackers to steal personal details from its customers.

It’s not clear what motivated Fulton to carry out the attack on the greeting card giant.

What’s hot on Infosecurity Magazine?