Lush Cosmetics breach
Another bit of news landed in my Inbox this morning, where a retailer claims to be subject to a security breach and as such has completely retired their website.
The retailer is well known and has a shop on every high street. A spectacular piece of PR appears on their website now, saying they’ve taken down their website as were targeted by hackers and customer details were still at risk.
They even go so far as commending the hacker’s ‘formidable’ efforts and offering him/her a job!
Well, if that job is being able to search Google for a SQL Injection exploit that can be carried out on a site that clearly uses named open source shopping cart software, then I know a few school leavers that might be interested, but this certainly does not appear to be the work of an advanced hacker.
It’s like saying – “It wasn’t our fault, criminals are cleverer than we are.”
Yes. Criminals ARE cleverer than most of us, which is why you have to implement a set of security controls to keep them out.
…but when you can search Google and find this exploit and even download the source code (it being open source) to try it out, it does beg the question as to what definition of ‘intelligence’ has been implied.