Slashdot Mirror


UK Cosmetic Retailer Lush Targeted By Hackers

Tasha26 writes "Cosmetic retailer Lush stopped its online activities on Jan 21 due to hacking activities. Their website is still down due to 'continuing attempts to re-enter,' and Lush is thinking of spinning a small PayPal outlet as a temporary solution. The company is urging customers who placed an order between Oct 2010 and Jan 2011 to contact their banks for advice on compromised credit card details. The company even posted a message addressed to the hacker, saying, 'If you are reading this, our web team would like to say that your talents are formidable. We would like to offer you a job — were it not for the fact that your morals are clearly not compatible with ours or our customers.'"

5 of 109 comments

  1. My opposite experience by cappp · Score: 5, Funny

    Weird. My ex always sent me off to increase my "online activities" whenever I made "continued attempts to enter".

  2. Re:Oh come on... by rtfa-troll · Score: 5, Insightful

    A "top notch" IT team will have

    • offline backups
    • the ability to restore quickly
    • the ability to expand capacity quickly
    • the ability to do almost immediate updates*
    • basic forensic ability to work out what's going on

    Sure, your system may be compromised. Sure; the first replacement system may be compromised again. During the compromise of the second you should get enough logs that the third (or at worst fifth time) you come back, all the zero day attacks the attacker is using have gone.

    Anyone can lose a few hours of outage. To be down for a day and have to start begging for mercy is not a sign that their IT "skills are formidable".

    * at the cost of a short term outage;

    --
    =~ s,(.*),<sarcasm>$1</sarcasm>,g if any_point_you_wish();

  3. Re:Smelly by ettlz · Score: 4, Funny

    Ha! I cannot stand them and never understand why so many 16-19 year olds go crazy over a bar of soap..

    Oh, it's only a phase. It normally ends once they go to university.

  4. Mobile Operators and Police don't help by Ian.Waring · Score: 4, Informative

    My wife is a Lush customer, ordered online in the time period described and did have 2 £15 charges (total just north of $40) for prepay mobile phone credit debited from her account. She spotted that virtually immediately; however, her bank just wanted to snail mail post a claim form to her to get her money back, and O2 (the mobile phone company providing the goods from the fraudulent two transactions) said it was an industry agreed procedure to wait until the bank got in touch with them before they'd do anything. So, bottom line, the thieves have 5 days to use the credit they stole, when O2 could have invalidated the transaction immediately and/or aimed some trace to the person using that mobile handset. About as much use as a cow on stilts. We need a Bill Bratton methinks. Follow the money, get to the source.

  5. Re:Oh come on... by drinkypoo · Score: 4, Interesting

    Noxious fumes from heavily scented products? Have you actually smelled their products? It's probably the only thing in Macy's that won't make my airway tighten up instantly. I have asthma and that toxic bullshit that is in most body products makes me react immediately, whether I can actually smell it or not; and so much the worse if I can smell it, since my body has been trained to associate the toxic reaction with the artificial smell.

    My lady has Lush products and they are both less scented and less noxious than virtually anything else on the market. Stop with your FUD.

    --
    "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"