The private information of more than a million customers of online takeaway giant Menulog is at risk of being stolen, with experts deeming the website as "vulnerable" and "not secure".

Nicola Holden, from Victorian chain Pizza Fellas, said when she logged in to the Menulog website, she stumbled upon the names and email addresses of more than 1.1 million customers. She should only have been able to see her company's own.

"It's a pretty intensive list - names of police, celebrities, people in government in there. If I saw it through the client portal, it means it's probably also been shared with thousands of other people who are not monitored or controlled," she said.

Ms Holden alerted Menulog to the potential security flaw, but she said its response was inadequate.