LUSH - Important News - UPDATED
When card details are stolen it always seems to be O2 top ups that are used first to test the card.

When card details are stolen it always seems to be O2 top ups that are used first to test the card.
Of course O2 and the police could very easily track down and prosecute those who use stolen credit cards to top up their phones. Or even add better security measures. Wonder why they don't...

jen 4567 wrote
"If anyone has had their card details stolen I would check your credit file to see if you have had any accounts opened in your name! "
What's the quickest way to do that ?
How can you prove it wasn't you who opened the accounts?
PS about card and contact details stored within Tesco grocery website encrypted secure area - should I remove them - if so how?
or are they as safe as you'll ever get.
PPS my son works in IT and will do anything to avoid buying and banking online.

jimbo24168 wrote: »I don't think it's hilarious. I'm thinking of all the hassle I'm going to have trying to return goods to shops that were purchased on the card I've had to cancel because of Lush's incompetence. Shops will only give a refund to the card that was used for the purchase.
That isn't an issue. I had to return items last year after our card was compromised and they issued a new card. You still have the same account, just a new card number.
I took my statement with me just in case, but it wasn't an issue. They should just refund.

yummy.scrummy.mummy wrote: »I don't watch hackers on TV thanks, but as soon as you create something which you think is secure there is always going to be other people who can make that unsecure so new advances need to be made. You can crypt it all you want but there will still be people out there who will be able to do it. To think that you are fully protected from hackers is naive, there are people out there who can get into anything they want whether you are encrypted well or not.
I've tried to be polite but with respect you don't have a clue what you're talking about.

sallyG - you can check your credit file online with Equifax, Experian etc.
The frightening thing is I'm not sure how you can prove that it wasn't you who set up any accounts. I'm still waiting to access my credit file.
With regards to the catalogue company, I already have an account with them and have done for a few years so I've been told that they are happy that fraud has been committed in this case. I'm still gobsmacked that someone has managed to open a new account with a different billing and delivery address hundreds of miles away from each other and managed to buy hundreds of pounds worth of stuff in a few days and no-one at the company seemed to notice until I alerted them!

I've tried to be polite but with respect you don't have a clue what you're talking about.
I was thinking about posting the link for the extended jail terms people get now for not passing over encryption codes to the police so they can examine data.
Not that it would do much good because some peeps think it's easy for professionals.
Not Again

At this moment, I think it is slightly premature to lay the blame for this security breach with Lush themselves. I'm not saying that they don't deserve it, only saying that they might not. Lush could well have maintained their servers in a responsible, secure and compliant way - which, after all is what we want them to do - yet still have become vulnerable through a third party.
To illustrate I'll give a real example from the past: I am aware of several websites, some very large, well known, international sites, that had confidential user data stolen because they had followed the security advice and installed the latest version of a part of their web management software. Unknown to them, and to anyone else at the time, there was a horrible, stupid and ultimately costly error in this update.
The error was a simple one but almost undetectable to any standard pre-update checks: It shipped with a debug version of a single script file that contained within it the administrator's username and password: giving anyone who knew where to look total control of the system. The nature of this file meant it had to be outward facing, so was exposed to the world. You could actually identify at risk websites with a specific Google search: it was so easy.
As is often the case, the hackers found out first, the sites were hacked and the site owners got the blame; when in truth they were following guidelines and it wasn't their fault. Of course, any site that still has this vulnerability is totally culpable, as the hole has been patched and some details about it even turned up on non-security sites and news sites such as the BBC. But the important thing about this particular issue is that the hackers got to do whatever they wanted with the system and the data held within it: absolutely anything. In these circumstances, encryption was no obstacle because the hackers had the keys to the vault.
For those affected, Lush is the only target you have to vent your spleen, and you have a right to be upset about it, but in truth you might never know any details about this particular attack or where fault ultimately lies. Even if you find out that Lush stored user details on post-it notes and was driven by pirated software, spare a thought for the person on the Lush hotline before you decide to call and offload on them. They are the least likely to have any responsibility for your situation and will have probably been shouted at all day already. Your time is better spent canceling your cards.
SP
Come on people, it's not difficult: lose means to be unable to find, loose means not being fixed in place. So if you have a hole in your pocket you might lose your loose change.

This discussion has been closed.