Lush - the cosmetics shop that you can always smell before you can see - has confirmed that its website has been the victim of hackers, resulting in users’ card details being compromised.
“24 hour security monitoring has shown us that we were still being targeted and there were continuing attempts to re-enter,” a statement on the website reads.
“We refuse to put our customers at risk of another entry - so have decided to completely retire this version of our website.”
The firm warns that customers who placed online orders (on the UK website) between October 4th, 2010 and January 24th, 2011 should contact their banks for advice as their card details “may have been compromised”.
All customers potentially exposed were sent an email on January 20th.
“A full external forensic investigation of the security breach has been commissioned,” the statement adds. “We will be studying the results with great care, to ensure that we leave no stone unturned in our efforts to protect customers from events like this in the future.”
The company also posted a message to the people responsible:
TO THE HACKER
If you are reading this, our web team would like to say that your talents are formidable. We would like to offer you a job - were it not for the fact that your morals are clearly not compatible with ours or our customers'.
You can read the full statement here.