
LUSH - Important News - UPDATED


Comments

  • jue
    jue Posts: 263 Forumite
    Part of the Furniture
    Thank you for posting this, have rung and cancelled my credit card, new one being posted out. Thank goodness no fraudulent use.
    Jue :)
  • hallmark wrote: »
    There's nothing wrong with judging. It's prejudging that's wrong.

    I'm judging you fairly on what you've written & you don't know what you're talking about. For the last time POOR online systems can be broken into. Properly designed systems cannot. I look after systems for parts of the Govt & the Police & I can assure you no-one has ever got past the first line of defence let alone the ones after that. Despite what you seem to believe it is not difficult to stop hackers, if you know what you're doing. The fact that you keep insisting it is easy simply proves you're not an expert I'm afraid.

    "hacking pays more than securing a system and always will." Is a stupid statement that you've plucked out of thin air BTW, with no basis whatsoever in fact.

    Anyway, if you want to keep insisting you are correct feel free, I'm not going to reply to you anymore since I get the feeling you are convinced you're right & won't listen to anyone telling you any different.

    OK, I'm sure it's impossible to crack into your government agencies, even though there have been times when some nerd behind his PC has managed to crack into government files where they really shouldn't have been able to because they were said to be so secure. Realistically the companies we are talking about aren't going to be as secure as police or government files. Databases online from companies get copied on a regular basis; half of the junk mail you get will be because of a company you've signed up to having their database replicated. You probably wouldn't even be aware of it because it wouldn't have done any damage, but their databases can be copied and then sold on to other companies which pay just for details to send out junk. Doesn't matter how secure you are, you can STILL be targeted. I can't wait for the day some little kid targets you behind his PC screen to get you to admit you are wrong..

    Working in internet security and you think you are unbeatable; you are ALWAYS beatable on the internet because what you set up can always be broken through with the right knowledge.

    People who write anti-virus software get paid a lot, but the ones who can write programs to avoid it would benefit more. It's not unheard of to have people who write anti-virus software write software to get around that software because they can cash in on more of it, so yes, it does have basis when I say that it pays more to crack things than code secure systems. QQ
    Who would say I couldn't make you mine? You were mine since th' beginning of time. Who would say we were far apart? You ever reside in the core of my heart?
    :A

  • shikoku
    shikoku Posts: 671 Forumite
    ~*~ If you don't need it, it isn't a bargain ~*~
  • hallmark
    hallmark Posts: 1,463 Forumite
    Part of the Furniture 1,000 Posts Name Dropper Combo Breaker
    Hi please get onto these magical hackers and ask if they can decrypt the AES-256 insurance file that Wikileaks released :) Thanks.

    Lol, don't confuse her! She doesn't actually know anything about IT security, she just knows she's right :rotfl:
  • malebolge
    malebolge Posts: 500 Forumite
    Tenth Anniversary Combo Breaker
    A few people on here have mentioned it was Tescos who noticed and alerted about fraud - same happened to my mate. Well done Tesco for watching trends. Similar thing happened to my friend but not because of Lush. This is what happened to her:

    First thing she knew about anything was when she went to place her regular Tesco groceries order and it refused her card. Within minutes she was contacted not by Tesco but by the fraud division of the local police who checked some details about her and said not to panic, she'd lost no money but someone was coming to the house - which they did within the hour. They also told her to cancel all her cards. When the police came, they explained that her card had been reported to them because purchases fitted a known 'trend'. Apparently someone had stolen details, and when using the stolen cards, would firstly make a very small purchase online, then one a bit larger, then finally blitz the card. Tesco routinely flag up when they get a pattern. What really worried my mate was that for some of the other attempted purchases the hackers had managed to even get stuff such as her mother's maiden name. She was also thrown at how much info on her the fraud squad already knew (not that she was in trouble, they'd managed to get the info about where she usually shopped etc very quickly).

    A very sobering thought - and it's made me very careful. Also made me make sure I have identity theft protection in my insurance so if the worst happens, I'll not lose out.
  • I (stupidly) bought Christmas presents from Lush last year with my card.
    Today I had a letter from my bank telling me that my card had been blocked due to suspicious transactions.
    I called them and sure enough I've lost money to this little scam....trouble is that Lush knew about this for ages before saying anything to anyone.
  • SallyG
    SallyG Posts: 850 Forumite
    edited 21 January 2011 at 9:58PM
    The two £15 O2 payments made on the same day fraudulently with my stolen card details have now appeared in my online bank statement; I rang the bank and the money has been refunded to my account by the bank who've retrieved the money from O2.
    They're sending me some form to fill in confirming the payments were fraudulent; they say it's now O2's job to inform the police and I don't need to.
    I've cancelled my debit and credit cards now and I'm going to check my credit record for any fraudulent stuff.
    Do I have to worry beyond that -
    Won't the fraud bells go off if they use my cancelled card details for any future fraud?

    Why would anyone make two £15 phone top ups on the same day instead of one £30????
    Maybe two same day O2 top ups should trigger the Fraud Squad?
  • Smaller amounts are more likely to go undetected is the theory, I do believe. If your cards have been changed then the old ones (numbers) will no longer work for them, so anything won't go through. Some people are getting police forms to fill in and to return. Not everyone, as each bank is different.
    Totally debt free wohooo 2014
    Christmas 2014
    Presents bought **** rrp **** Saved ****
    *SAVE*SAVE*SAVE*
  • ........................
    http://www.bbc.co.uk/news/technology-12254282
    Hilary Jones, ethical director at Lush, said the firm became aware of problems on Christmas day when hackers were discovered to have penetrated the site.
    The site was taken down and did little trade between Christmas and New Year while Lush investigated to see if the hackers were merely mischievous or out to make money.
    It became obvious that the hackers were after cash as European customers began reporting small purchases made with credit cards that had been used on Lush and other web shops.
    Ms Jones said the small transactions were "test" purchases that thieves do to see if a stolen credit card is still live.
    She said that when it became obvious that a lot of test purchases were being made and the Lush site was the key, the company shut down its store and told customers what had happened.
    "As an ethical company we could not keep that information to ourselves," said Ms Jones. "We had to tell a huge raft of customers."
    The four-month window that people needed to check was a safeguard to ensure all at-risk customers were covered, she said. The site was not vulnerable throughout that time.
    "We really want to make sure we cover all possibilities," said Ms Jones. "We wanted to tell more customers than less."
    The Lush website has been "retired" and a new online shop is set to appear in a few days but will initially only accept payment through Paypal.
    Ms Jones said a forensic investigation was underway to find out how the thieves broke into the site.
    Not Again
  • SallyG
    SallyG Posts: 850 Forumite
    I'm racking my brains to think of anything they might have set up in the maybe months between them stealing my card details and me cancelling the cards - I mean something nasty that might surface years from now - this is feeding my paranoia to bustin.
This discussion has been closed.