Lush takes down website after hacker onslaught

Lush takes down website after hacker onslaught

Customers’ bank details may have been compromised, says cosmetics chain

Article comments

Lush, the handmade cosmetics company, has taken down its website following persistent attack by hackers.

“Twenty-four hour security monitoring has shown us that we are still being targeted and there are continuing attempts to re-enter,” the company said on its website.

Lush warned all customers who placed online orders on the website between 4 October 2010 and 20 Jan 2011 to contact their banks for advice as their card details “may have been compromised”.

A new, temporary version of the Lush website will be launched in a few days. It will initially only take payments through PayPal.

The company said that its mail order phone room and shops have not been affected by the hackers.

In a message aimed at the hackers, Lush stated on its website: “Our web team would like to say that your talents are formidable. We would like to offer you a job – were it not for the fact that your morals are clearly not compatible with ours or our customers’.”


Send to a friend

Email this article to a friend or colleague:

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.

We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
* *