The website of UK retailer Lakeland has come under "a sophisticated and sustained attack" by hackers exploiting a Java flaw.
Lakeland discovered that hackers began targeting its site on Friday night and had managed to access two encrypted databases, the company said in an email sent to customers on Wednesday.
Although the homeware retailer has found no evidence that customer data was stolen, Lakeland said it had deleted all passwords for the site and is now asking users to reset them the next time they log in.
After the attack was discovered, "immediate action was taken to block the attack, repair the system and to investigate the damage done, and this investigation continues", Lakeland said.
According to the company, the hackers exploited a Java flaw to access its systems.
"Lakeland had been subjected to a sophisticated cyber-attack using a very recently identified flaw in the Java software used by the servers running our website, and indeed numerous websites around the world. This flaw was used to gain unauthorised access to the Lakeland web system and data. Hacking the Lakeland site has taken a concerted effort and considerable skill," the email to customers said.
It is not known whether a patch had been issued for the flaw in question, however — Lakeland declined to provide any further details on the incident when contacted by ZDNet.
Recent research found large numbers of businesses are running outdated and insecure versions of Java and leaving themselves vulnerable to attack, with 82 percent of businesses running the most vulnerable version of Java — version six — on PCs and servers within their organisation.