Top
Debenhams warns flower-buying customers after website hacked for over six weeks – A N I T H
fade
4685
post-template-default,single,single-post,postid-4685,single-format-standard,eltd-core-1.1.1,flow child-child-ver-1.0.0,flow-ver-1.3.6,eltd-smooth-scroll,eltd-smooth-page-transitions,ajax,eltd-blog-installed,page-template-blog-standard,eltd-header-standard,eltd-fixed-on-scroll,eltd-default-mobile-header,eltd-sticky-up-mobile-header,eltd-dropdown-default,wpb-js-composer js-comp-ver-5.0.1,vc_responsive

Debenhams warns flower-buying customers after website hacked for over six weeks

Debenhams warns flower-buying customers after website hacked for over six weeks


British high street retailer Debenhams has warned that the company which owns and operates its flower delivery website has been hacked, potentially exposing the personal information of up to 26,000 customers.

According to an email sent by Debenhams to affected customers, hackers had access to sensitive information on the Debenhams Flowers website for over six weeks – and stole personal information including payment card details, as well as customers’ names, addresses, email addresses and passwords.

Debenhams email

I am writing to you as a precaution following confirmation on 29th April that our Debenhams Flowers supplier, Ecomnova, a company that owns and operates flower and gifting websites, has experienced a cyber attack.

The attack took place between 24th February and 11th April 2017. Records indicate that your data may be among that which has been accessed or stolen. We are writing to let you know of this risk to you and to advise you of the action you should take to protect your data in light of this attack.

As soon as we were notified about the incident we instructed Ecomnova to suspend the Debenhams Flowers site until further notice. Please note that Debenhams Flowers is completely separate from the Debenhams.com website, which has not been affected in any way.

There is no mention in the email as to whether Ecomnova, the company which was running the Debenhams Flowers site, was salting and hashing customers’ passwords – which is hardly comforting.

In a press statement, Debenhams apologised to affected customers, and said that anyone suspecting that they had been the victim of fraud should contact their band directly and report the incident to Action Fraud.

In addition, it would be wise for any user of the site to ensure that they are not using the same password anywhere else on the internet, and stop reusing passwords. You should use a unique password for every website you log into. Otherwise, one of the first things that a hacker will do after grabbing your credentials in a data breach like this is attempt to use them against other sites (such as your email account).

And as for the Debenhams Flowers website? Well, as of right now, it appears that Debenhams has pulled the plug.

Debenhams flowers website down

No flowers please.

About the author, Graham Cluley

Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon’s Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and gives presentations on the topic of computer security and online privacy.

Follow him on Twitter at @gcluley, Google Plus, Facebook, or drop him an email.

Follow @gcluley



Source link

Anith Gopal
No Comments

Post a Comment