Breaking news story from the Guardian, Lush have had their website hacked over the last 3-4 months meaning anyone who has used the site in this period could be a victim of fraud.
They have apparently known since late December and yet have only announced it today, making people wonder why they chose to wait so long with so many people's details at risk. And now they are at risk of being prosecuted and their rights to accept card payments stripped, as it appears they failed to properly encrypt these details.
It may be easy to blame the hackers, and see Lush as the victim but this is just untrue. I work and study Internet technology and security and understand that you must expect anything and prepare your system accordingly. Lush have clearly failed to anticipate problems and prepare for them, so the customers are the victims of the company's incompetence and all this hacking has done, is expose it.
No comments:
Post a Comment