Sorry guys. This should have been posted way sooner but I’ve had a really busy day around here!
The Lush UK website has been hacked. This is pretty upsetting and scary news as I’m a chronic shopper on the site. Their notice is that any orders placed on October 4th, 2010 through today should contact their banks for advice as credit card details may have been compromised. I’ve contacted Lush Mail Order as I wanted to know about addresses, names, and other personal information as they are stating it was CC info only.
Either way, be sure to alert your debit and credit cards and if possible have a new card issued just to be safe. Lush has sent out an official e-mail letting customers know and have taken down their website and will be relaunching a new site shortly as a precautionary measure.
Good Luck!
And I sincerely hope no one was affected by this drama.
I read it today. I called my bank to block my CC, and ordered a new one.
Happy that there was no strange transaction on my CC till today.
nada here either thankfully cindy, way scary though! I was trying to reach out to them and make sure personal detail weren’t stolen as well, that worries me most!
Never thought about that…. that they can also steal personal detail… I don’t want to think about that. You hear a lot lately about stolen identities 🙁
exactly 🙁 I was more worried about that than my CC info 🙁 I contacted Lush but haven’t heard back yet 🙁
Ciiiindy!! *waves* 😀
I also called my bank and they were aware of the situation, thankfully. So they’ve blocked my CC and are going to send me a new one.
Am still gonna keep an eye on my CC transaction overview for now though *scared*
suzy was quite scary! 🙁 I contacted them asking if it was names, address, etc…as that’s just as scary as having your CC info stolen!
*waves back*
Nice to see another Dutchie here 🙂
<3 I love that you guys are chatting with each other here!
oh wats scary is i was thinking of ordering the other day but hd complications with my card so didnt god thank god i didnt luv ya musey x
phew good rebecca! way scary isn’t it? 🙁 luv ya back! 😀
Ooh that sucks, hopefully everyone with numbers in their database doesn’t get their data stolen. Lush is pretty shady, to me anyway – don’t buy anything from them. I kinda think most of their charity work is simply for marketing.
I placed an order during their affected time period so I called in to get a new CC today. I’m a bit confused as to whether they are still shipping out the orders though… I mean, I checked my CC statement and I was charged? It’s a bummer either way 🙁
I believe orders went through Emily but email or call just to be safe. Most important that you got your CC changed just to be safe!
Thank you so much for posting this! I haven’t gotten an email or anything! Calling my bank now.
my pleasure CJ! better safe than sorry. I had new cards issues right away!
That’s what I just did 🙂 Thankfully their weren’t any charges made.
phew good call cj ;D scary!
Oh my goodness – How awful! I had my identity stolen earlier last year and it was such a miserable experience. I sincerely hope no one has to deal with that 🙁 Especially fellow Lushies!!!
ugh lauren that’s awful hun 🙁 Hope all is ok now!
I ordered way back in November sometime from their site. I got the email from LUSH today and decided to check my bank account online. Surprise surprise, someone has paid £15 out three days ago for an 02 Prepay mobile phone top up. I don’t have an 02 phone.
Cancel your cards folks
thanks ann!!!!!!!
I ordered during the affected time period, but no charges or strange activity has been going on with my card. Should I still call my bank? I hate having to replace my again AGAIN. 🙁
It’s your call Danielle. Really can’t advise you on this hun.
What about the usa website?
nothing is going on with the US site Julie, UK only.
Not really happy about it as I know have to get a new one and pay for it, but I highly appreciate that Lush gives out the info to their customers and does not leave them in the dark.
Thanks for picking up at this also 🙂 There is no such thing as too much information.
nia sorry to hear it hun but better safe than sorry eh? 🙁
hey Muse! So I purchased from the USA site a couple months ago AND my acct was hacked last night. Hmm
really?! there was NO mention of Lush NA being hacked. How do you mean hacked? your bank account!? your debit card?!
Lush seem to be at fault acording to the English newspapers.
They are apparently holding customers details unencrypted and knew of attacks on their site for weeks or possibly longer.
Here is one article from The Guardian (an English newspaper):
http://www.guardian.co.uk/money/2011/jan/21/lush-website-hack-customers-fraud
Muse, am not sure if I’m allowed to post a url here and sorry if not.
THANKS mary that’s really helpful hun ;-D!!!!!!!!!!!!!!!!!!!!!! that’s fine to post the URL very helpful!
I had to get mine cancelled and am going through a big pallaver to find out whats missing and all that thanks to missing bank statements. I went to get my new card yesterday to find out my bank had not only not issued me one, but not cancelled my old one like they said so whoever took the details had it for two weeks longer. Assuming I actually get my card back when they say it will be ready this time I’ll have been without it for nearly a month, which is a pain. I can’t get hold of my cash any other way because I work when the banks are open! Nightmare!
ugh sorry to hear it Samantha! curious minds when did you place your actual order? December or before?