A newly formed hacker collective called L0lz Security (L0lzSec) claims to have gained access to the databases of Pearl.fr, a French e-commerce website that sells a wide variety of products.
The hackers have allegedly obtained 729,000 accounts, along with over 1 million bank transaction details.
Apparently, the members of L0lzSec have leveraged an SQL Injection and multiple cross-site scripting (XSS) flaws to gain access to the systems of Pearl.fr.
For the time being, they have only published a small amount of information comprising usernames, addresses, email addresses, passwords and around 70 “useless” credit card numbers.
However, according to the hackers, the complete data dump will be made available in the upcoming days.
We have reached out to Pearl.fr’s representatives to see if the L0lzSec’s claims are true and we’ll return with an update as soon as they respond. Update.
Pearl has responded to our inquiry. A company spokesperson has confirmed that a hacker did in fact gain unauthorized access to their systems. However, he claims that only a small number of accounts (between 2,000 and 3,000) have been exposed.
All affected customers have been notified via email and advised to immediately change their passwords.
On the other hand, the firm's representatives state that they don't store customer bank account details.