The company describes the attack as being "sophisticated and sustained"

Jul 24, 2013 08:01 GMT

The official website of Lakeland, the popular British kitchenware store chain, has been hacked. The company has started notifying customers of the incident.

Security expert Graham Cluley has obtained a copy of the notification email.

According to the company, the “sophisticated and sustained attack” was discovered on July 19. Lakeland took immediate action to block the attack and repair the impacted systems.

“Today it has become clear that two encrypted databases were accessed, though we've not been able to find any evidence that the data has been stolen. However, we have decided that it is safest to delete all the customer passwords used on our site and invite customers to reset their passwords next time they visit the Lakeland site,” the company said in the email sent out to customers.

Users are also advised to change their other passwords if they use the same one for multiple online accounts.

Apparently, the attackers leveraged a vulnerability in the Java software running on the company’s website.

“This flaw was used to gain unauthorised access to the Lakeland web system and data. Hacking the Lakeland site has taken a concerted effort and considerable skill. We only wish that those responsible used their talent for good rather than criminal ends,” Lakeland stated.

It’s uncertain precisely which Java vulnerability the hackers exploited. However, as Graham Cluley highlights, organizations should try to avoid using vulnerability-ridden technology as much as possible.

A large number of vulnerabilities have been identified in Java recently. Experts have often warned that the software should be installed only if it’s a necessity.

If an organization or a user depends on it, they should make sure it is always kept up to date.