Lush pickings for credit thief as site hacked

Summary:NSW Police is investigating the theft of an unknown number of credit card details from cosmetics retailer Lush after its Australian and New Zealand websites were cracked overnight.

NSW Police is investigating the theft of an unknown number of credit card details from cosmetics retailer Lush after its Australian and New Zealand websites were cracked overnight.

Red lips

(Red lips image by Tania Siaz, CC2.0)

The attack follows a breach of the Lush UK website in which criminals stole credit cards between 4 October last year and 20 January 2011 and used them for fraudulent purchases. The overseas website is still offline after nearly a month. It plans to post a revamped site.

Lush Australia said customers who have made purchases through its website should contact their banks immediately and possibly cancel their credit cards.

"We are sorry to have to announce that the Lush Australia and New Zealand websites have been hacked. We have been alerted to advise us that entry has been gained and customer details have have been obtained by the hackers," the company said in a written statement.

"We urgently advise customers who have placed an online order with Lush Australia and New Zealand to contact their bank to discuss if cancelling their credit cards is advisable.

"Lush is working with the police, forensic investigators and banks and doing all that we can to investigate the breach in privacy."

The company said the UK and local websites are not linked, but did not confirm if the two use the same hosting software, which could expose both to the same vulnerabilities.

Unlike the UK arm, Lush Australia said it had reacted immediately to the breach to inform affected customers via email.

Topics: Security, Broadband, Browser

About

Darren Pauli has been writing about technology for almost five years, he covers a gamut of news with a special focus on security, keeping readers informed about the world of cyber criminals and the safety measures needed to thwart them.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.