Australian cosmetics retailer Lush has pulled the kill-switch on its web store following a security breach. In a statement that replaced its home page on Tuesday, Lush Australia says it has been alerted that the security breach may have exposed customers' credit card information. The statement directs customers to contact their …
May not be "Linked"
But I wouldn't be surprised if the same basic construction / code was used, with the only differences being the sales text and some of the pictures. You'd have thought that they would have checked the first time around.
Instead of developing lumpy soaps on a rope, perhaps they should divert their attention to clue sticks and security, as this is just embarrassing.
if you ask me...
...it would seem like they were just begging to be taken down simply by being called "Lush".
Stinks as much as their products.
Spot on ...
I remember trailing after my wife round one of those stores and getting a headache from the olfactory senses bombardment ... at least this gives them a headache!
(I wonder what their employee turnover is? I couldn't work in one of those stores for 10 minutes, let alone a day!)
Conan the Smelly Barbarian (AKA RegisterThis)
"Our Website is not linked to the Lush UK Website, which was recently compromised,"
You would think that having been compromised once, they might have given their other sites the "once over"?
The icon of choice!
"Lush Australasia director Mark Lincoln says customers would not have been aware that their card details were kept."
I think this is a major cause for concern. Just like XBox Live keeps details without card owners' knowledge, they have also been keeping details without the card owners' knowledge.
Remind me why Lush needed to keep people's credit card details?
"bath bomb retailer"
Rather disappointed to see that there are in fact no exploding baths.
I think you'll find that's the province of the music industry*, not cosmetic products retailers.
*Or rather, was. I haven't seen a "Rock band trashed hotel rooms with high explosives" story for some years now. Shame really.....
I was one of the affected customers from the UK site, quite annoying as I definitely didn't tick any "Please remember my card details" box.
Apparently they knew before Christmas about the problem on the UK site but held out on letting anyone know because it might scare off the Christmas punters; the police should be bloody investigating them as well as the hacker that did it. When I rang the bank to cancel my cards etc... they said they'd had tonnes of people ringing to cancel because of emails from Lush.
Massive points off for security (or lack thereof)...
... But you have to give them credit for admitting the breach and actually telling customers it happened. If it had been in the UK, they wouldn't have admitted a thing until the press had somehow found out about it (and they would probably still have denied it for a few months first!)...
Having worked in IT for decades I can't imagine any company being so coordinated as to run the same set-up in two countries.
Lush is a major backer of the Green movement. Now what agency would ever try to infiltrate or attack such a group, hmmm?