Kitchenware store Lakeland has emailed customers telling them that hackers managed to gain unauthorised access to its web systems and databases late last week.
Although the company has confirmed that hackers accessed “two encrypted databases”, it has been unable to ascertain whether information was stolen.
Perhaps reasonably, the firm has chosen to assume the worst: it has reset all customers’ passwords and asked them to choose new ones the next time they log in.
Part of the email reads:
Late on Friday July 19th we discovered that the Lakeland website was being attacked by hackers in a sophisticated and sustained attack. Immediate action was taken to block the attack, repair the system and to investigate the damage done and this investigation continues.
Today it has become clear that two encrypted databases were accessed, though we've not been able to find any evidence that the data has been stolen. However, we have decided that it is safest to delete all the customer passwords used on our site and invite customers to reset their passwords next time they visit the Lakeland site. Next time you log in to your Lakeland account you will be asked to reset your password and provide a new one. It is not necessary to do this straight away, just the next time you want to use the account.
Lakeland has also advised customers to ensure that they are not using the same passwords anywhere else on the internet.
That’s advice that really needs to be underlined. Far too many people use the same password for multiple websites, meaning that if their password gets hacked in one place they could find other online accounts are subsequently compromised.
Interestingly, in its warning emailed out to customers, Lakeland gives a clue as to how the hackers might have managed to breach its systems:
Lakeland had been subjected to a sophisticated cyber-attack using a very recently identified flaw in the Java software used by the servers running our website, and indeed numerous websites around the world. This flaw was used to gain unauthorised access to the Lakeland web system and data. Hacking the Lakeland site has taken a concerted effort and considerable skill. We only wish that those responsible used their talent for good rather than criminal ends.
Quite what Java vulnerability Lakeland is referring to isn’t currently clear, but add it to the pile of reasons (if you needed any more) why you probably want to keep as far away from that vulnerability-ridden technology as possible.