
Luckless Lush hammered in hack

Australian cosmetics retailer Lush has pulled the kill-switch on its web store following a security breach. In a statement that replaced its home page on Tuesday, Lush Australia says it has been alerted that the security breach may have exposed customers' credit card information. The statement directs customers to contact their …

COMMENTS

This topic is closed for new posts.
FAIL

May not be "Linked"

But I wouldn't be surprised if the same basic construction / code was used, with the only differences being the sales text and some of the pictures. You'd have thought that they would have checked the first time around.

Instead of developing lumpy soaps on a rope perhaps they should divert their attention to clue sticks and security, as this is just embarrassing.

4
0
Bronze badge
Coat

if you ask me...

...it would seem like they were just begging to be taken down simply by being called "Lush".

0
0
Silver badge

Lush's security

Stinks as much as their products.

1
0
Thumb Up

Spot on ...

I remember trailing after my wife round one of those stores and getting a headache from the olfactory senses bombardment ... at least this gives them a headache!

(I wonder what their employee turnover is? I couldn't work in one of those stores for 10 minutes, let alone a day!)

Conan the Smelly Barbarian (AKA RegisterThis)

1
0
Silver badge
FAIL

"Our Website is not linked to the Lush UK Website, which was recently compromised,"

Yeah right!

Sniggers.

You would think that having been compromised once, they might have given their other sites the "once over"?

The icon of choice!

0
0
FAIL

Alarm Bells

"Lush Australasia director Mark Lincoln says customers would not have been aware that their card details were kept."

I think this is a major cause for concern. Just like XBox Live keeps details without card owners' knowledge, they have also been keeping details without the card owners' knowledge.

1
0

Why?

Remind me why Lush needed to keep people's credit card details?

1
0
Grenade

"bath bomb retailer"

Rather disappointed to see that there are in fact no exploding baths.

0
0
Gold badge
Coat

Exploding baths?

I think you'll find that's the province of the music industry*, not cosmetic products retailers.

*Or rather, was. I haven't seen a "Rock band trashed hotel rooms with high explosives" story for some years now. Shame really.....

0
0
Unhappy

Gits

I was one of the affected customers from the UK site, quite annoying as I definitely didn't tick any "Please remember my card details" box.

Apparently they knew before Christmas about the problem on the UK site but held out on letting anyone know because it might scare off the Christmas punters. The police should be bloody investigating them as well as the hacker that did it. When I rang the bank to cancel my cards etc... they said they'd had tonnes of people ringing to cancel because of emails from Lush.

1
0
Silver badge
Thumb Down

Massive points off for security (or lack thereof)...

... But you have to give them credit for admitting the breach and actually telling customers it happened. If it had been in the UK, they wouldn't have admitted a thing until the press had somehow found out about it (and they would probably still have denied it for a few months first!)...

0
0
Grenade

Hmmm

Having worked in IT for decades I can't imagine any company being so coordinated as to run the same set-up in two countries.

Lush is a major backer of the Green movement. Now what agency would ever try to infiltrate or attack such a group, hmmm?

0
0