Categorized | Sophos

Lush customers should check their credit card statements – more websites hacked

LushLush, the handmade cosmetics firm, has shut its Australian and New Zealand websites after hackers apparently gained access to online customers’ personal data.

In a statement posted on its website it “urgently” warns customers who have made online purchases to check with their banks to see if their credit card details have been abused.

It is less than a month since the firm had to issue a similar warning to its UK online customers.

Lush website message

LUSH WEBSITE PRIVACY BREACH
Our website has been the target of hackers

We are sorry to have to announce that the Lush Australian and New Zealand websites have been hacked. We have been alerted today to advise us that entry has been gained and customer personal data may have been obtained by the hackers.

We urgently advise customes who have placed an online order with Lush Australia and New Zealand to contact their bank to discuss if cancelling their credit cards is advisable.

Whilst our website is not linked to the Lush UK website, which was recently compromised, it appears that the Australian and New Zealand Lush sites have also been targeted. As a precautionary matter we have removed access to our website while we carry our further security checks.

There’s some interesting wording in the advisory. For instance, Lush says that its Australian and New Zealand websites are not linked to the UK website, but it doesn’t say that they haven’t suffered from the same vulnerability that allowed the hackers to gain access on the British site.

Furthermore, you have to wonder if Lush was storing its customers credit card information with secure encryption if they are concerned that customers could find that their details are being abused.

Lush says that it has contacted the police regarding the incident, and will send emails to all customers that they believe may have been affected

Last month, Lush attempted to cheer the spirits of affected customers by sharing a video of puppet lemmings singing a song.

Related Posts

Posted on 15 February 2011. Tags: , , , , , , , , , ,

RELATED SEARCH TERMS:

blackhole toolkit website 3, Blackhole Toolkit Website, http blackhole toolkit activity


One Response to “Lush customers should check their credit card statements – more websites hacked”

  1. Bernetta Kuechle says:
    March 3, 2011 at 00:28

    Gracias por la informacion y encontro un sitio de web se llama, para prestamos y creditos, pero, una pregunta, ustedes saben un otra sitio, la informacion es un poco limitado.

Trackbacks/Pingbacks



Security Status

Beware Facebook "Timeline" scams http://t.co/W5EW0cVv
5 months ago
Nigerian government (unknowingly) hosts phishing website http://t.co/uQd42ENw
5 months ago
PCMag Awards McAfee All Access its Editors’ Choice: SANTA CLARA, Calif.--(BUSINESS WIRE)--McAfee today announced... http://t.co/FakV7Vd8
5 months ago
RT @mikko: I hadn't noticed Google Maps has added 3D models of buildings. Here's a (very accurate) view of F-Secure HQ in Helsinki http://t.co/IKfAZlak
5 months ago
North Koreans aren't known for their online presence. But others may be lured into clicking Kim Jong-Il 'videos' too http://t.co/yQOon6YT
5 months ago
How to Protect Your Professional Reputation on Facebook Timeline http://t.co/I4bcR2VN
5 months ago
This is pretty impressive from @Softpedia: Facebook scans 2 trillion link clicks and blocks 220 million posts each day http://t.co/vKsn9gNl
5 months ago
Need for integrated approach to security in industrial control systems - http://t.co/tPBCNOow with @PikeResearch
5 months ago
Some free-based music we play at work http://t.co/xu5agZfc
5 months ago
Japan’s cyber defense weapon: a virus. It includes quotes by @Luis_Corrons via @InfosecurityMag
5 months ago