Viewing Thread:
"Lush.co.uk website hacked"

Thu 20/01/11 at 21:38
Regular
"I like turtles"
Posts: 5,368
Don't know if this is of interest/concern to anyone on here and apologies in advance if I sound like I have no idea what the hell I'm talking about (that would be because I don't!).

I ordered the Mrs. some smelly bath things for Christmas from a site called Lush.co.uk. About half an hour ago I received an email from them informing me that their site has been 'hacked' and any customers who have shopped online with them between 4th Oct and 20th January should contact their banks 'for advice'. I did this just to cover myself and my credit card company informed me that they must cancel my card with immediate effect? Don't know if this is them just being overly cautious or whether these people have indeed successfully gathered the card details of customers who used this site during the mentioned period? Unless other sites have been affected I doubt this will be of relevance to anyone on here but just thought I'd mention it.
Thu 20/01/11 at 21:51
Regular
"Feather edged ..."
Posts: 8,536
Sorry to hear the news pete, but it does sound rather 'over-the-top' if your bank action a cancellation immediately. My bank tends to be the first to inform me! ...they call and query 'certain transactions' with me before they release funds. These are usually totally innocent but ones for which they don't have 'secure digital signatures' for.... Crucial was one that they queried recently when I bought some RAM :¬(

The time scale does seem rather long as well.
Fri 21/01/11 at 08:13
Regular
"I like turtles"
Posts: 5,368
Thanks DL, I'm not overly concerned though, I'm just finding the whole situation a little bizarre TBH. I decided to act on the advice of the email just in case money was/had been taken and my bank tried to pull the "you were told to contact us and did not" card. As soon as I mentioned the name of the site I had used the operator acted like he had no other choice but to cancel my card? I was expecting a "thanks for letting us know, we'll keep an eye on it" kind of response. Not sure why this site in particular appears to have been targeted? Obviously on the run up to Christmas they would have been very busy but did their site have some kind of serious security flaw which others do not? If not then I would be very surprised if this is the only site which has been compromised. Like I said I know very little about these things, my comments I suppose are just based on my logic (not always a good thing!). Anyway, it's not a massive issue but it is an inconvenience for sure as it's my daughter's birthday in a couple of weeks and I was relying on using that card. I have been told that it's going to take around 10 working days to receive a new one.
Fri 21/01/11 at 09:47
Moderator
"Are you sure?"
Posts: 5,000
I like the way lush are nearly offering the hacker a job!
(website message)


NB. They seem to be making good use of their Twitter account (@LushLtd) for customer service if anyone should have problems.

I guess they must have been storing CC details - hopefully their users knew about that? Looks like this story is still breaking...

EDIT:
I see The Register are running the story - long while after the Freeola Forum broke it! ;¬)

Looking in Lush's T&C's they use a 3rd party to process CCs:
"We use Cxxxxxxx to provide a secure server for processing credit card transactions"
I've taken the company name out to protect the (might be) innocent - but they sound like an STI!

[s]Hmmm...[/s] @twitter
Fri 21/01/11 at 15:29
Regular
"How Ironic"
Posts: 4,312
If they've been hacked, how do you know it's not the hackers sending the email? ;D
Fri 21/01/11 at 18:27
Regular
"I like turtles"
Posts: 5,368
Sonic Chris wrote:
If they've been hacked, how do you know it's not the hackers sending the email? ;D

We don't! However, if all the scammers have managed to do is get a load of people to ring up their banks and get their cards cancelled then they must be quite possibly the most rubbish scammers of all time!

Hearing reports of Lush customers that have had their cards used for unauthorised mobile phone top ups.
Fri 21/01/11 at 18:39
Regular
"How Ironic"
Posts: 4,312
pete_21 wrote:
Sonic Chris wrote:
[i]If they've been hacked, how do you know it's not the hackers sending the email? ;D


We don't! However, if all the scammers have managed to do is get a load of people to ring up their banks and get their cards cancelled then they must be quite possibly the most rubbish scammers of all time![/i]

Lol fair point, but to be honest, reading the current main page of the site, the matter doesn't seem to have been taken too seriously. People are having their bank accounts used, and all the website has is the standard paragraph about phoning your bank etc. and then to the right, a video to 'cheer you up'! Seems a bit weird to be honest. Although as you've said, can't see what benefit it is to a hacker if you're asking your 'victims' to take a safe route.
Sun 23/01/11 at 10:29
Staff Moderator
"Freeola Ltd"
Posts: 3,299
Haha. Was going to jump on Hmmm... suggesting he has just made up the job thing............... until I read the sentence "We would like to offer you a job"....... clever.

And they do seem to be taking it seriously in fairness to them Chris. They apologise in a grovelling manner on no less than 3 occasions, have closed down their entire site (costing themselves a pretty penny), and explained in a very honest manner that they can not stop the hackers.

They have done all they can do, which is email people notifying them and telling them to contact their banks. That's literally all they can do.

Fair play to them. Let's hope the next iteration of the site is more secure.
Sun 23/01/11 at 10:50
Moderator
"Are you sure?"
Posts: 5,000
As if I would make something up! :¬P

Something looks a bit strange to me though...

This has been going on for quite a long time. Further reading shows they might have known about problems in December but let things run.

I can't see anyone talking about the 3rd party they use for "secure server for processing credit card transactions" - rather odd.

So perhaps it's either an inside job or things weren't set up very well?

They didn't have any choice other than to take the site down as they are no doubt in danger of losing their Merchant Account depending on what was going on...

[s]Hmmm...[/s]
Sun 23/01/11 at 12:41
Regular
"Feather edged ..."
Posts: 8,536
Couldn't agree more Hmmm...did think it was 'overdue' when pete first broke the 'news'......the 'Happy Monday' video didn't instill confidence either, neither did the request to keep shopping via the telephone :¬(
