Java flaw let hackers wage 'sophisticated and sustained attack' on UK retailer Lakeland

Summary:Customers of the homeware chain are being asked to reset their passwords after attackers gained access to two encrypted databases.

The website of UK retailer Lakeland has come under "a sophisticated and sustained attack" by hackers exploiting a Java flaw.

Lakeland discovered that hackers began targeting its site on Friday night, the company said in an email sent to customers on Wednesday, and had managed to access two encrypted databases.

Although the homeware retailer has found no evidence that customer data was stolen, Lakeland said it had deleted all passwords for the site and is now asking users to reset them the next time they log in.

After the attack was discovered, "immediate action was taken to block the attack, repair the system and to investigate the damage done, and this investigation continues", Lakeland said.

According to the company, the hackers exploited a Java flaw to access its systems.

"Lakeland had been subjected to a sophisticated cyber-attack using a very recently identified flaw in the Java software used by the servers running our website, and indeed numerous websites around the world. This flaw was used to gain unauthorised access to the Lakeland web system and data. Hacking the Lakeland site has taken a concerted effort and considerable skill," the email to customers said.

It is not known whether a patch had been issued for the flaw in question, however — Lakeland declined to provide any further details on the incident when contacted by ZDNet.

Recent research found large numbers of businesses are running outdated and insecure versions of Java and leaving themselves vulnerable to attack, with 82 percent of businesses running the most vulnerable version of Java — version six — on PCs and servers within their organisation.

Topics: Security, United Kingdom

About

Jo Best has been covering IT for the best part of a decade for publications including silicon.com, Guardian Government Computing and ZDNet in both London and Sydney.

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.