Australian cosmetics retailer Lush has pulled the kill-switch on its web store following a security breach. In a statement that replaced its home page on Tuesday, Lush Australia says it has been alerted that the security breach may have exposed customers' credit card information. The statement directs customers to contact …


  1. SirTainleyBarking

    May not be "Linked"

    But I wouldn't be surprised if the same basic construction / code was used, with the only differences being the sales text and some of the pictures. You'd have thought that they would have checked the first time around.

    Instead of developing lumpy soaps on a rope perhaps they should divert their attention to clue sticks and security, as this is just embarrassing

  2. Mike Flugennock

    if you ask me... would seem like they were just begging to be taken down simply by being called "Lush".

  3. Tom 35

    Lush's security

    Stinks as much as their products.

    1. RegisterThis
      Spot on ...

      I remember trailing after my wife round one of those stores and getting a headache from the olfactory senses bombardment ... at least this gives them a headache!

      (I wonder what their employee turn-over is? I couldn't work in one of those stores for 10 minutes let alone a day!)

      Conan the Smelly Barbarian (AKA RegisterThis)

  4. Anomalous Cowturd

    "Our Website is not linked to the Lush UK Website, which was recently compromised,"

    Yeah right!


    You would think that having been compromised once, they might have given their other sites the "once over"?

  5. Paratrooping Parrot

    Alarm Bells

    "Lush Australasia director Mark Lincoln says customers would not have been aware that their card details were kept."

    I think this is a major cause for concern. Just like XBox Live keeps details without card owners' knowledge, they have also been keeping details without the card owners' knowledge.

  6. Glen Turner 666


    Remind me why Lush needed to keep people's credit card details?

  7. MegC


    I was one of the affected customers from the UK site, quite annoying as I definitely didn't tick any "Please remember my card details" box.

    Apparently they knew before Christmas about the problem on the UK site but held out on letting anyone know because it might scare off the Christmas punters, the police should be bloody investigating them as well as the hacker that did it. When I rang the bank to cancel my cards etc... they said they'd had tonnes of people ringing to cancel because of emails from Lush.

  8. Dan 63

    "bath bomb retailer"

    Rather disappointed to see that there are in fact no exploding baths

    1. TeeCee Gold badge

      Exploding baths?

      I think you'll find that's the province of the music industry*, not cosmetic products retailers.

      *Or rather, was. I haven't seen a; "Rock band trashed hotel rooms with high explosives" story for some years now. Shame really.....

  9. lglethal Silver badge
    Massive points off for security (or lack thereof)...

    ... But you have to give them credit for admitting the breach and actually telling customers it happened. If it had been in the UK, they wouldn't have admitted a thing until the press had somehow found out about it (and they would probably still have denied it for a few months first!)...

  10. Stefing


    Having worked in IT for decades I can't imagine any company being so coordinated as to run the same set-up in two countries.

    Lush is a major backer of the Green movement. Now what agency would ever try to infiltrate or attack such a group, hmmm?

