Cosmetics retailer Lush pulls website after hackers attack

Cosmetics retailer, Lush, has been forced to pull its website after being victim to hackers.

In a statement published by Lush, the company said its 24-hour security monitoring revealed it was still being targeted.

“We refuse to put our customers at risk of another entry – so have decided to completely retire this version of our website,” said Lush.

It warned customers who have placed online orders over a four-month period between 4th October 2010 and 20th January 2011 to contact their banks as their card details may have been stolen.

Its temporary website will be launched in a few days and will only accept PayPal payments.  

Customers placing orders via its mail order phone room would not have been affected.

And in a special message to the hacker, Lush said, “If you are reading this, our web team would like to say that your talents are formidable.

“We would like to offer you a job – were it not for the fact that your morals are clearly not compatible with ours or our customers’.”

Security advisor Rik Ferguson from Trend Micro has posted a blog responding to the issues concerned with online shopping in relation to the hackers attack on Lush’s website.