From story on Stuff, Lush has its server compromised...
As many as 9000 New Zealanders may have had their credit card and personal details stolen after the Lush cosmetics website was hacked.
The company has urged its online customers in New Zealand and Australia to contact their banks to discuss cancelling their credit cards.
The article makes it sound like they stored credit card details in the same DB or same server. Not clear if that's the case, but that would be a big lack of security.
As well as credit card details, the database contained customers' names, addresses, phone numbers and dates of birth.
Sure, everything a scammer needs, in a single place.
Lush was contacting customers by email to inform them of the hacking and was not aware of any whose cards had been used fraudulently.
Of course they are not aware. Unless they monitor the underworld, credit card transactions on the other side of the world, and other things. They would only know if a customer complained, and customers wouldn't know how they information leaked, until now.
Its British website was hacked last month and some customers there reported their cards had been fraudulently used.
Mr Lincoln said he did not know whether the hackers were specifically targeting Lush or the type of software it was using."
It happened before to another server on the same company, but nothing was changed in that month?
It sounds like the Hell Pizza episode, when their site was accessed here in New Zealand, but the Australian one, based on the same application, was still running... Back then it took the company months before admitting to the breach. Lucky it was just email addresses, not credit card. But people receiving the spam weren't happy.
Other related posts:
Microsoft Ignite New Zealand, Microsoft Surface Studio
Geekzone data analytics with Power BI
Now with more fibre
comments powered by Disqus