UK homeware retailer Lakeland is asking its customers to change their passwords as a precaution following a hack attack that allowed cybercrooks to reach two of its encrypted databases. Lakeland sent an email to customers late on Tuesday admitting the breach, and informing them that it was resetting passwords. Users will be …
I suspect we will see a lot more of this ..
smaller, less well known e-commerce sites being targeted, on the assumption their security will be less bullet proof, and giving hackers access to a load of personal data they can then use on bigger sites.
Once again: NEVER REUSE YOUR PASSWORD.
Re: I suspect we will see a lot more of this ..
... and don't forget to check your Ubuntu forum password is not also reused for Amazon, or whatever. It was hacked the other day.
Since I never tick the box that says 'Save your card detail for future convenience' , then I don't have to worry about that sort of problem. Do I? Even if I did, they wouldn't store the 3-digit CC security code. Would they?
I use Paypal wherever possible for this reason. I don't totally trust Paypal but I think it reduces my exposure.
Re: No worries?
> they wouldn't store the 3-digit CC security code. Would they?
If they do they'll be in big trouble with the card suppliers. Storing that is an absolute no-no, and could leave Lakeland liable to the costs.
In fairness, the payment part of most websites is usually supplied by a bank, or related financial services company, it's just too risky and legally complex to knock-up a DIY version. I personally would trust Paypal a lot less than I'd trust a high-street business website.
The email I got from Lakeland said that the problem was due to a recently-discovered flaw in Java, which implies that they weren't up-to-date with patches. Anyone know what OS the site runs?
@ Phil O'Sophical
Lakeland have removed from their website statement any detail of where the flaw is.
Suggest you delete your post.
Re: @ Phil O'Sophical
It says it was a Java flaw in the linked article.
However it says it was a recently discovered flaw, it doesn't state whether it had been patched yet.
As for the OS, there is a good chance they are running Linux - they appear to be running Apache web server.
"Suggest you delete your post"
Because it's hot news that some versions of Java have security issues?
Really, this horse left the stable quite a while ago...
Who's downvoting in here ?
Downvoter, you downvoted my neutral 1 sentence comment why, exactly ? And why were comments by DaLo, Frankly, and JimmyPage downvoted ?
Re: Who's downvoting in here ?
Dunno why your original post was downvoted, but I did it with JimmyPage for overdramatic, patronising use of caps when stating something that 99% (if not more,) of the target audience already knows. Thanks for the revelation.
I'm guessing your first downvote was someone thinking the same thing. Since the rest of us most likely read the article too.
frank ly? Someone probably decided he sounded a bit complacent on a forum aimed at techinical types.
DaLo? Because he suggested a hacked site might be running Linux, based on the rabis nature of some people on here. Surprised there weren't more than 30.
I'm giving you your second because people who whinge about downvoting always get one from me. Suck it up, man ...
Re: Who's downvoting in here ?
Surely demanding explanations for downvotes is not really the done thing. Comes over as a bit rude, and kind of insecure. A downvoter's downvote is that downvoter's own affair.
Be interesting to know how truly sophisticated the attack was ...
Given that we hear again and again that in the majority of cases it is existing vulnerabilities that are being targeted, some pretty old.
- Asteroid's SHOCK DINO MURDER SPREE just bad luck - boffins
- BEST BATTERY EVER: All lithium, all the time, plus a dash of carbon nano-stuff
- Stick a 4K in them: Super high-res TVs are DONE
- Review You didn't get the MeMO? Asus Pad 7 Android tab is ... not bad
- FTC to mobile carriers: If you could stop text scammers being jerks that'd be just great