wasc-whid@lists.webappsec.org

WASC Web Hacking Incidents Database

WHID 2011-44: Credit cards compromised as hackers target beauty site

WASC Web Hacking Incidents Database
Mon, Apr 25, 2011 1:05 PM

*Entry Title:* WHID 2011-44: Credit cards compromised as hackers target
beauty site
*WHID ID:* 2011-44
*Date Occurred:* February 15, 2011
*Attack Method:* SQL Injection
*Application Weakness:* Improper Input Handling
*Outcome:* Leakage of Information
*Attacked Entity Field:* Retail
*Attacked Entity Geography:* New Zealand
*Incident Description:* The Lush UK website was recently compromised and the
company says while the New Zealand and Australian sites are not linked to
the UK site, both have also been targeted by hackers.
It says personal data may have been obtained by the hackers and customers
should contact their banks to discuss cancelling their credit cards.
*Mass Attack:* No
*Reference:*
http://www.radionz.co.nz/news/national/68729/credit-cards-compromised-as-hackers-target-beauty-site
*Attack Source Geography:*

WASC Web Hacking Incidents Database
Mon, Apr 25, 2011 11:45 PM

Ryan,

The URLs below are specific to Australia:
http://www.zdnet.com.au/lush-says-site-wasn-t-pci-compliant-339309230.htm
http://www.zdnet.com.au/privacy-commissioner-looks-into-lush-hack-339309262.htm
http://www.zdnet.com.au/lush-pickings-for-credit-thief-as-site-hacked-339309212.htm

Also, http://www.zdnet.com.au/beauty-giants-face-brawl-over-nz-web-site-139143573.htm
is dated 2004 but I am not sure if this is a second incident .nz -
perhaps someone from .nz could clarify?

On Mon, Apr 25, 2011 at 11:05 PM, WASC Web Hacking Incidents Database
<wasc-whid@lists.webappsec.org> wrote:

> Entry Title: WHID 2011-44: Credit cards compromised as hackers target beauty
> site
> WHID ID: 2011-44
> Date Occurred: February 15, 2011
> Attack Method: SQL Injection
> Application Weakness: Improper Input Handling
> Outcome: Leakage of Information
> Attacked Entity Field: Retail
> Attacked Entity Geography: New Zealand
> Incident Description: The Lush UK website was recently compromised and the
> company says while the New Zealand and Australian sites are not linked to
> the UK site, both have also been targeted by hackers.
> It says personal data may have been obtained by the hackers and customers
> should contact their banks to discuss cancelling their credit cards.
> Mass Attack: No
> Reference: http://www.radionz.co.nz/news/national/68729/credit-cards-compromised-as-hackers-target-beauty-site
> Attack Source Geography:

--
Regards,
Christian Heinrich

http://cmlh.id.au/contact
