[WASC-WHID] WHID 2011-44: Credit cards compromised as hackers target beauty site

WASC Web Hacking Incidents Database wasc-whid at lists.webappsec.org
Mon Apr 25 19:45:15 EDT 2011


Ryan,

The URLs below are specific to Australia:
http://www.zdnet.com.au/lush-says-site-wasn-t-pci-compliant-339309230.htm
http://www.zdnet.com.au/privacy-commissioner-looks-into-lush-hack-339309262.htm
http://www.zdnet.com.au/lush-pickings-for-credit-thief-as-site-hacked-339309212.htm

Also, http://www.zdnet.com.au/beauty-giants-face-brawl-over-nz-web-site-139143573.htm
is dated 2004 but I am not sure if this is a second incident .nz -
perhaps someone from .nz could clarify?

On Mon, Apr 25, 2011 at 11:05 PM, WASC Web Hacking Incidents Database
<wasc-whid at lists.webappsec.org> wrote:
> Entry Title: WHID 2011-44: Credit cards compromised as hackers target beauty
> site
> WHID ID: 2011-44
> Date Occurred: February 15, 2011
> Attack Method: SQL Injection
> Application Weakness: Improper Input Handling
> Outcome: Leakage of Information
> Attacked Entity Field: Retail
> Attacked Entity Geography: New Zealand
> Incident Description: The Lush UK website was recently compromised and the
> company says while the New Zealand and Australian sites are not linked to
> the UK site, both have also been targeted by hackers.
> It says personal data may have been obtained by the hackers and customers
> should contact their banks to discuss cancelling their credit cards.
> Mass Attack: No
> Reference: http://www.radionz.co.nz/news/national/68729/credit-cards-compromised-as-hackers-target-beauty-site
> Attack Source Geography:

-- 
Regards,
Christian Heinrich

http://cmlh.id.au/contact



