Kitchenware store Lakeland has emailed customers telling them that hackers managed to gain unauthorised access to its web systems and databases late last week.
Although the company has confirmed that hackers accessed “two encrypted databases”, it has been unable to ascertain whether information was stolen.
Perhaps reasonably, the firm has chosen to assume the worst, and reset all customers’ passwords and asked them to choose new passwords next time they login.
Part of the email reads:
Today it has become clear that two encrypted databases were accessed, though we've not been able to find any evidence that the data has been stolen. However, we have decided that it is safest to delete all the customer passwords used on our site and invite customers to reset their passwords next time they visit the Lakeland site. Next time you log-in to your Lakeland account you will be asked to reset your password and provide a new one. It is not necessary to do this straight away, just the next time you want to use the account.
Lakeland has also advised customers to ensure that they are not using the same passwords anywhere else on the internet.
That’s advice that really needs to be underlined. Far too many people use the same password for multiple websites, meaning that if their password gets hacked in one place they could find other online accounts are subsequently compromised.
Interestingly, in its warning emailed out to customers, Lakeland gives a clue as to how the hackers might have managed to breach its systems:
Quite what Java vulnerability Lakeland is referring to isn’t currently clear, but add it to the pile of reasons (if you needed any more) why you probably want to keep as far away from that vulnerability-ridden technology as possible.