LUSH - Important News - UPDATED
After being hacked a couple of years ago one piece of advice I was given was to always use a credit card online; then if you do get hacked (through the merchant's fault not yours) your day to day bank account won't be affected, only your credit card account. This is less painful on the whole in terms of cancelling cards, still having access to cash daily etc.
Appreciate CCs are not for everyone, but this is a good tip for those that do have one.
-
When my bank debit card was recently 'compromised' I decided that going forward I will only pay on-line with either PayPal or my pre-paid visa card which beyond a holding fund of about £30 only ever has money credited to it when I intend to spend it immediately afterwards.
Basically separate your normal banking from anything you use for on-line spending.
I also have the problem of a refund which has been made to a card which I have since cancelled; according to my bank it may not be an issue because the bank account remains the same, hopefully they are correct. Otherwise I sense a quest ahead.
~*~ If you don't need it, it isn't a bargain ~*~
-
Not Again0
-
msgigglewick wrote: »I'm guessing you all know when you have malware on your PCs without running a virus scan, etc. No, thought not. It's not Lush's fault they got attacked. Though maybe they should have had more checks in place looking for loopholes in the servers etc. But that isn't the staff's fault, just their IT department.
If you have a computer, and especially if you shop online, you should be running a virus check before you purchase anything in case there is malware or a trojan, but again most PC users will use a virus check and malware checker once a week anyway. If we are responsible enough to do this surely Lush should be too, if as you say they must have compromised the system by placing malicious software in their systems it would not have been overly difficult for an IT department to have found this quickly and without a doubt within a few days rather than a few months.
Comping wishlist for 2017
1. Family holiday 2. Christmas presents :rudolf: 3. Fishing stuff
The more you put into life, the more you get out
-
I can't believe that people are saying "poor lush" here. The industry has a clear code of compliance - PCI-DSS. If they were compliant then it's highly unlikely that they'd have been targeted. If they weren't then they might as well have printed the card details out and stuck them on the door of their office.
We have had our card compromised, with money being taken just three days ago. We used Lush's website back in late November. They must have been holding our card details unencrypted ever since then.
My email to them is below:
Dear Lush,
You write: "Our website has been the victim of hackers".
No it hasn't. Your customers have been the victims of poor security, terrible data management and a clear lack of PCI DSS compliance by yourselves. Blaming hackers for such a loss is like blaming opportunist bank robbers after leaving the safe open and the alarm switched off.
My credit cards have been compromised, and I have lost money to fraudulent O2 transactions. I've had to spend ages on the phone to my bank, have had all of my cards stopped and have no way of accessing my money.
I am disgusted by this and I expect to see a full apology on your web site not a pathetic attempt to shift the blame and a trite video.
Yours sincerely
-
yummy.scrummy.mummy wrote: »I don't think they are so stupid to not encrypt their data. Hackers are hackers, if they can gain entry to a database then they can decrypt the information on there with little problem. You have to realise that the skill these people have wouldn't stop just because the data is encrypted as it would be easy for them to decrypt
With respect you obviously don't work in IT security! Properly encrypted data is not "easy to decrypt".
-
Lush really should be apologising, hackers will always take the path of least resistance and once they have entered the system they tend to install rootkits as a means of providing backdoor entry in the future. If this has been going on over many months, why has someone not been checking logs or monitoring the network activity who would have noticed? Do they not have any form of intrusion detection system installed? Did they store customer payment details on a web server (the system most vulnerable to the outside world)?
If a hacker/group of hackers have the willpower then they can penetrate even some of the most secure systems, however the sensitivity of the information they have acquired in this case leaves me a tad suspect.
:j Stand And Deliver ! :j
-
Savvybunny2009 wrote: »msgigglewick wrote: »I'm guessing you all know when you have malware on your PCs without running a virus scan, etc. No, thought not. It's not Lush's fault they got attacked. Though maybe they should have had more checks in place looking for loopholes in the servers etc. But that isn't the staff's fault, just their IT department.
If you have a computer, and especially if you shop online, you should be running a virus check before you purchase anything in case there is malware or a trojan, but again most PC users will use a virus check and malware checker once a week anyway. If we are responsible enough to do this surely Lush should be too, if as you say they must have compromised the system by placing malicious software in their systems it would not have been overly difficult for an IT department to have found this quickly and without a doubt within a few days rather than a few months.
I agree. But who actually will do a virus scan which lasts an hour before EVERY online purchase? I know and have seen plenty of PCs that haven't even got malware protection on etc and then they wonder why? Like I said it's the IT department to blame not the staff that are posting or you're likely to speak to. I don't know the setup of Lush or even if they have their own IT department or just rely on a hosting company etc. I find it hard to believe how it has gone on for as long as it has without anyone noticing. Or maybe they just hired the wrong person.
Totally debt free wohooo 2014
Christmas 2014
Presents bought **** rrp **** Saved ****
*SAVE*SAVE*SAVE*
-
msgigglewick wrote: »That crossed my mind too, maybe it was someone on the inside... but I'm not going to point fingers.
Sh!te security or inside job or both.
Take your pick because it's nothing else.
Not Again
-
I run a virus check each time lol, but I have been the victim of card fraud so I'm extra cautious although not very practical when a grabbit is around.
I really hope they pull their finger out and give people the apology that they deserve, it truly is awful.
Comping wishlist for 2017
1. Family holiday 2. Christmas presents :rudolf: 3. Fishing stuff
The more you put into life, the more you get out