14 DAY TRIAL // LUSH Cosmetics, a UK company selling handmade cosmetics products, warned customers about a credit card breach after its website got hacked.
In an announcement posted online, the company said that after discovering the compromise and patching the hole, the website was placed under full-time security monitoring.
Because there was still evidence of attackers trying to break back in, the cosmetics vendor decided to pull the plug on the old website and create an entirely new version.
Unfortunately, there is reason to believe the site has been compromised since the beginning of October and that customer credit card details were stolen.
"For complete ease of mind, we would like all customers that placed ONLINE orders with us between 4th Oct 2010 and today, 20th Jan 2011, to contact their banks for advice as their card details may have been compromised," the company wrote in an email notification sent to affected individuals.
In an unusual move, the cosmetics vendor decided to address the hacker, although in an ironic manner. It praised his "formidable" talents and said it would offer him a job if his morals wouldn't be incompatible with those of its customers.
LUSH also tried to lighten up the spirits by posting a video showing Muppet-like lemmings singing and dancing. The clip was met with mixed reactions by customers.
Reading through the comments left on its YouTube and Facebook pages, it's clear that some people have been affected by the breach and had money stolen from their accounts.
However, aside from announcing the actual compromise and instructing people to contact their banks, LUSH did not provide any other details, like if the incident is being investigated by specialists.
It did mention however that an interim website will be up shortly and will only accept payments via PayPal until the new secure version is created.