25 July 2013
Kitchenwear retailer Lakeland is the latest high profile company to have its website hacked.
The Cumbria-based firm suffered "a sophisticated and sustained attack" by hackers exploiting a flaw in Java-based software. The attack on the site began on Friday night and succeeded in accessing two encrypted databases.
There is no evidence to suggest that customer data was stolen, but the company has deleted all passwords for the site and in an email yesterday, asked its customers to reset them the next time they log in.
The incident again highlights the need for people to use different passwords for different online accounts. If you use common login details, the chances of criminals accessing your banking, shopping and other sites and defrauding you are dramatically increased.
Lakeland's customer email said that after the attack was discovered, "immediate action was taken to block the attack, repair the system and to investigate the damage done, and this investigation continues".
"Lakeland had been subjected to a sophisticated cyber-attack using a very recently identified flaw in the Java software used by the servers running our website, and indeed numerous websites around the world. This flaw was used to gain unauthorised access to the Lakeland web system and data. Hacking the Lakeland site has taken a concerted effort and considerable skill," it explained.
It is not known whether a patch had been issued for the vulnerability concerned. Many businesses are allegedly running outdated and therefore insecure versions of Java, with 82% of businesses running the most vulnerable version of Java — v6 — on their PCs and servers.