UK Cosmetic Retailer Lush Targeted By Hackers
Tasha26 writes "Cosmetic retailer Lush stopped its online activities on Jan 21 due to hacking activities. Their website is still down due to 'continuing attempts to re-enter,' and Lush is thinking of spinning a small PayPal outlet as a temporary solution. The company is urging customers who placed an order between Oct 2010 and Jan 2011 to contact their banks for advice on compromised credit card details. The company even posted a message addressed to the hacker, saying, 'If you are reading this, our web team would like to say that your talents are formidable. We would like to offer you a job — were it not for the fact that your morals are clearly not compatible with ours or our customers.'"
It's not a matter of whether the hacker's skills are formidable, it's a matter of whether Lush's IT team's aren't.
How do they ascertain customers' morals? Just because someone buys something from you doesn't mean they have good morals!
What if the culprits turn out to be customers assisted by an employee? :)
'If you are reading this, our web team would like to say that your talents are formidable. We would like to offer you a job — were it not for the fact that your morals are clearly not compatible with ours or our customers.'
Oh for fuck's sake. Security isn't a battle against good or evil. The genius attackers are most likely using a simple exploit. An open MySQL port or a conveniently informative log file. Fix your shopping cart you morons.
MySQL? Looks like the port is open. Running 5.0.91 by the looks of it too.
And they wonder why they were hacked.