Lush customer details stolen by hackers

The Lush website was attacked by hackers who stole numerous credit card details.

Lush, the UK-based cosmetics company, has fallen victim to hackers.

The firm revealed its website had been attacked when it emailed its customers, and later posted a notice online, but details of the hack itself have remained few and far between.

What is known is that the hack affected customers who made purchases from the site between 4 October 2010 and 20 January 2011, and that hackers are continuing to try to break into the site.

As a result, Lush shut down the website entirely - bar a page explaining the attack - and set up a temporary online shop which accepts PayPal transactions.

"Our website has been the victim of hackers," the online statement read. "24 hour security monitoring has shown us that we are still being targeted and there are continuing attempts to re-enter."

"We refuse to put our customers at risk of another entry - so have decided to completely retire this version of our website."

The statement also included a note addressed to the hacker, which said: "If you are reading this, our web team would like to say that your talents are formidable. We would like to offer you a job - were it not for the fact that your morals are clearly not compatible with ours or our customers."

Rik Ferguson, senior security advisor for Trend Micro, said in a blog post: "For the most part shopping online is as safe as shopping in store, but when a compromise occurs at an online merchant often its consequences are far greater, affecting many more people than in store card cloning due to the centralised nature of online stores."

He added: "If you feel you may have been affected, contact your bank immediately."
