The "Freeola Customer Forum" forum, which includes Retro Game Reviews, has been archived and is now read-only. You cannot post here or create a new thread or review on this forum.
I ordered the Mrs. some smelly bath things for Christmas from a site called Lush.co.uk .About half an hour ago I received an email from them informing me that their site has been 'hacked' and any customers who have shopped online with them between 4th Oct and 20th January should contact their banks 'for advice'.I did this just to cover myself and my credit card company informed me that they must cancel my card with immediate effect? Don't know if this is them just being overly cautious or whether these people have indeed successfully gathered the card details of customers who used this site during the mentioned period? Unless other sites have been effected I doubt this will be of relevance to anyone on here but just thought I'd mention it.
I ordered the Mrs. some smelly bath things for Christmas from a site called Lush.co.uk .About half an hour ago I received an email from them informing me that their site has been 'hacked' and any customers who have shopped online with them between 4th Oct and 20th January should contact their banks 'for advice'.I did this just to cover myself and my credit card company informed me that they must cancel my card with immediate effect? Don't know if this is them just being overly cautious or whether these people have indeed successfully gathered the card details of customers who used this site during the mentioned period? Unless other sites have been effected I doubt this will be of relevance to anyone on here but just thought I'd mention it.
The time scale does seem rather long as well.
(website message)
NB. They seem to be making good use of their Twitter account (@LushLtd) for customer service if anyone should have problems.
I guess they must have been storing CC details - hopefully their users knew about that? Looks like this story is still breaking...
EDIT:
I see The Register are running the story - long while after the Freeola Forum broke it! ;¬)
Looking in Lush's T&C's they use a 3rd party to process CCs:
"We use Cxxxxxxx to provide a secure server for processing credit card transactions"
I've taken the company name out to protect the (might be) innocent - but they sound like a STI !
[s]Hmmm...[/s]
@twitter If they've been hacked, how do you know it's not the hackers sending the email? ;D
We don't !,however if all the scammers have managed to do is get a load of people to ring up their banks and get their cards cancelled then they must be quite possibly the most rubbish scammers of all time !
Hearing reports of Lush customers that have had their cards used for unauthorised mobile phone top ups.
Sonic Chris wrote:
[i]If they've been hacked, how do you know it's not the hackers sending the email? ;D
We don't !,however if all the scammers have managed to do is get a load of people to ring up their banks and get their cards cancelled then they must be quite possibly the most rubbish scammers of all time ![/i]
Lol fair point, but to be honest, reading the current main page of the site, the matter doesn't seem to have been taken too seriously. People are having their bank accounts used, and all the website has is the standard paragraph about phoning your bank etc. and the to the right, a video to 'cheer you up'! Seems abit weird to be honest. Although as you've said, can't see what benefit it is to a hacker is you're asking your 'victims' to take a safe route.
And they do seem to be taking it seriously in fairness to them Chris. They apologise in a grovelling manner on no less than 3 occasions, have closed down their entire site (costing themselves a pretty penny), and explained in a very honest manner that they can not stop the hackers.
They have done all they can do, which is email people notifying them and telling them to contactt heir banks. That's literally all they can do.
Fair play to them. Let's hope the next iteration of the site is more secure.
Something looks a bit strange to me though...
This has been going on for quite a long time. Further reading shows they might have knew about problems in December but let things run.
I can't see anyone talking about the 3rd party they use for "secure server for processing credit card transactions" - rather odd.
So perhaps it's either an inside job or things weren't setup very well?
They didn't have any choice than to take the site down as they are no doubt in danger of losing their Merchant Account depending on what was going on...
[s]Hmmm...[/s]