The cosmetics store Lush is making the headlines for all the wrong reasons today, as they announced they were suspending online sales after their website was broken into by hackers.
In a statement on the site, the handmade cosmetics firm explains that customers who purchased goods online between 4 October 2010 and 20 January 2011 may have had their credit card details stolen as a result of the security breach:
We refuse to put our customers at risk of another entry – so have decided to completely retire this version of our website.
For complete ease of mind, we would like all customers that placed ONLINE orders with us between 4th Oct 2010 and today, 20th Jan 2011, to contact their banks for advice as their card details may have been compromised.
In a tongue-and-cheek message to the hacker, Lush said it admired the hacker’s “formidable” skills but would not be offering him a job.
TO THE HACKER
If you are reading this, our web team would like to say that your talents are formidable. We would like to offer you a job – were it not for the fact that your morals are clearly not compatible with ours or our customers.
In perhaps the most bizarre twist of all, Lush has posted a video of toy lemmings singing a song by Elbow on its front page…
Read more in my article on the Naked Security website.
Found this article interesting? Follow Graham Cluley on Twitter or Mastodon to read more of the exclusive content we post.