[WASC-WHID] WHID 2011-44: Credit cards compromised as hackers target beauty site

WASC Web Hacking Incidents Database wasc-whid at lists.webappsec.org
Mon Apr 25 09:05:15 EDT 2011


*Entry Title: *WHID 2011-44: Credit cards compromised as hackers target
beauty site
*WHID ID: *2011-44
*Date Occurred: *February 15, 2011
*Attack Method: *SQL Injection
*Application Weakness: *Improper Input Handling
*Outcome: *Leakage of Information
*Attacked Entity Field: *Retail
*Attacked Entity Geography: *New Zealand
*Incident Description: *The Lush UK website was recently compromised and the
company says while the New Zealand and Australian sites are not linked to
the UK site, both have also been targeted by hackers.
It says personal data may have been obtained by the hackers and customers
should contact their banks to discuss cancelling their credit cards.
*Mass Attack: *No
*Reference: *
http://www.radionz.co.nz/news/national/68729/credit-cards-compromised-as-hackers-target-beauty-site
*Attack Source Geography:*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webappsec.org/pipermail/wasc-whid_lists.webappsec.org/attachments/20110425/fd6b2f1f/attachment-0003.html>


More information about the wasc-whid mailing list