Lush customer details stolen by hackers
The Lush website was attacked by hackers, who stole numerous credit card details.
The firm revealed its website had been attacked when it emailed its customers, and later posted a notice online, but details of the hack itself have remained few and far between.
What is known is that the hack affected customers who made purchases from the site between 4 October 2010 and 20 January 2011, and that hackers are continuing to try to break into the site.
As a result, Lush shut down the website entirely - bar a page explaining the attack - and set up a temporary online shop which accepts PayPal transactions.
"Our website has been the victim of hackers," the online statement read. "24 hour security monitoring has shown us that we are still being targeted and there are continuing attempts to re-enter."
"We refuse to put our customers at risk of another entry - so have decided to completely retire this version of our website."
The statement also included a note addressed to the hacker, which said: "If you are reading this, our web team would like to say that your talents are formidable. We would like to offer you a job - were it not for the fact that your morals are clearly not compatible with ours or our customers."
Rik Ferguson, senior security advisor for Trend Micro, said in a blog post: "For the most part shopping online is as safe as shopping in store, but when a compromise occurs at an online merchant often its consequences are far greater, affecting many more people than in store card cloning due to the centralised nature of online stores."
He added: "If you feel you may have been affected, contact your bank immediately."