Skip to main content

Hackers Hit Lush Sales Site

Handmade cosmetics brand Lush has admitted that its site had been repeatedly targeted by hackers over a period of almost four months.

Customers who placed orders on the site between 4 Oct 2010 and 20 Jan 2011 have been advised to contact their banks to check whether their card details have been compromised. Those who purchased goods in store or on the phone are unaffected, Lush said.

According to the company, the site is still under attack.

"24 hour security monitoring has shown us that we are still being targeted and there are continuing attempts to re-enter. We refuse to put our customers at risk of another entry - so have decided to completely retire this version of our website," Lush said.

The retailer has confirmed it is already working with the police and banks to “bring this branch of organised crime to justice”.

In a tongue-in-cheek message to the hackers, Lush said: “If you are reading this, our web team would like to say that your talents are formidable. We would like to offer you a job - were it not for the fact that your morals are clearly not compatible with ours or our customers'.”

Lush plans to launch a “completely separate”, temporary site over the next few days, set to initially only accept payments through PayPal, and to keep customers happy until that day, the company has created this (opens in new tab).