Lush customer details stolen by hackers

The UK web site for cosmetics company Lush has fallen victim to hackers.

The hack affected customers who made purchases from the site between 4 October 2010 and 20 January 2011 and hackers are continuing to try and break into the site.

As a result, Lush has emailed its customers to inform them of the attack and shut down the website entirely, setting up a temporary online shop which accepts PayPal transactions.

“Our website has been the victim of hackers,” the online statement read. “24 hour security monitoring has shown us that we are still being targeted and there are continuing attempts to re-enter.”

“We refuse to put our customers at risk of another entry - so have decided to completely retire this version of our website.”

The statement also included a note addressed to the hacker, which said: “If you are reading this, our web team would like to say that your talents are formidable. We would like to offer you a job - were it not for the fact that your morals are clearly not compatible with ours or our customers.”

The Australian arm of Lush has assured customers that no credit card details of customers that shop at the lush.com.au store have been compromised.

"Our web site is not affiliated with the Lush UK web site," a spokesman told iTnews.

The British attack compelled Lush's local arm to have its web properties "reviewed and tested by our IT Company," the spokesman said, which was given a clean bill of health.

"Our website has not been victim to hackers during the period of October until now and is safe."

This article originally appeared at itpro.co.uk