Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 


Forgot your password?
Close
typodupeerror
×
Security Businesses Privacy United Kingdom IT

UK Cosmetic Retailer Lush Targeted By Hackers 109

Posted by timothy from the people-are-bad dept.
Tasha26 writes "Cosmetic retailer Lush stopped its online activities on Jan 21 due to hacking activities. Their website is still down due to 'continuing attempts to re-enter,' and Lush is thinking of spinning a small PayPal outlet as a temporary solution. The company is urging customers who placed an order between Oct 2010 and Jan 2011 to contact their banks for advice on compromised credit card details. The company even posted a message addressed to the hacker, saying, 'If you are reading this, our web team would like to say that your talents are formidable. We would like to offer you a job — were it not for the fact that your morals are clearly not compatible with ours or our customers.'"
This discussion has been archived. No new comments can be posted.

UK Cosmetic Retailer Lush Targeted By Hackers More

UK Cosmetic Retailer Lush Targeted By Hackers

Comments Filter:

  • Re:Every generation... (Score:4, Informative)

    by jonbryce ( 703250 ) on Saturday January 22, 2011 @04:04AM (#34963562) Homepage

    They were doing it to steal credit card details. There are reports in the comments sections of various newspapers that they were using the cards to buy Telefonica O2 pay as you go credits. Presumably they then use these to phone premium rate numbers and cash out that way.

  • Re:Netcraft says.... (Score:4, Informative)

    by BeanThere ( 28381 ) on Saturday January 22, 2011 @06:28AM (#34963938)

    Wrong, if you check their 'what's that site running' history [netcraft.com] you'll see that they only switched to Apache yesterday. Before that, they were on IIS 5 on, FFS, Windows 2000, which is a sign that they were probably running on outdated poorly managed systems. The fact that the attack attempts "continue" is probably meaningless as whatever they were, they are almost certainly failing now, but the attempts will still show up in the logs which will make any naive IT administrator nervous.

  • Mobile Operators and Police don't help (Score:5, Informative)

    by Ian.Waring ( 591380 ) on Saturday January 22, 2011 @08:43AM (#34964320) Homepage
    My wife is a Lush customer, ordered online in the time period described and did have 2 £15 charges (total just north of $40) for prepay mobile phone credit debited from her account. She spotted that virtually immediately; however, her bank just wanted to snail mail post a claim form to her to get her money back, and O2 (the mobile phone company providing the goods from the fraudulent two transactions) said it was an industry agreed procedure to wait until the bank got in touch with them before they'd do anything. So, bottom line, the thieves have 5 days to use the credit they stole, when O2 could have invalided the transaction immediately and/or aimed some trace to the person using that mobile handset. About as much use as a cow on stilts. We need a Bill Bratton methinks. Follow the money, get to the source.

Slashdot Top Deals

"A car is just a big purse on wheels." -- Johanna Reynolds

Close