Luckless Lush hammered in hack
Australia site of bath bomb retailer blitzed
Australian cosmetics retailer Lush has pulled the kill-switch on its web store following a security breach.
In a statement that replaced its home page on Tuesday, Lush Australia says it has been alerted that the security breach may have exposed customers' credit card information. The statement directs customers to contact their bank to discuss whether cancellation is warranted.
In spite of the similarity to a similar breach of Lush's security in the UK, the company claims the two incidents are not related.
"Our Website is not linked to the Lush UK Website, which was recently compromised," the company's statement said.
Update: card theft confirmed
According to a report by the ABC, Lush has since confirmed that card details were stolen, along with the company's entire customer database.
Lush Australasia director Mark Lincoln says customers would not have been aware that their card details were kept. The ABC report says the vulnerability occurred because of a "failure to keep the Website updated".
The company told the ABC it does not know how long breaches may have been occurring. ®
May not be "Linked"
But I wouldn't be surprised if the same basic construction / code was used, with the only differences being the sales text and some of the pictures. You'd have thought that they would have checked the first time around.
Instead of developing lumpy soaps on a rope prehaps they should divert their attention to clue sticks and security, as this is just embarrassing
I was one of the effected customers fromt he UK site, quite annoying as I definately didnt tick any "Please remember my card details" box.
Apparently they knew before christmas about the problem on the UK site but held out on letting anyone know because it might scare off the christmas punters, the police should be bloody investigating them as well as the hacker that did it. When I rang the bank to cancel my cards etc... they said they'd had tonnes of people ringing to cancel because of emails from Lush.
Remind me why Lush needed to keep people's credit card details?