Tuesday, 24 February 2015

Online Shopping, Is Your Credit Card Safe? The Lime Crime Hacker Scandal

To me there's nothing better than online shopping.

The ease of buying what you need without having to leave your bedroom. The rush of making that purchase and knowing that in a few days' time it will arrive nicely packaged at your doorstep, a lovely present from Mr. Postman. Over the past eight years or so I've thought nothing of handing over my credit card details online (provided the site is secure, of course) until now. I'm sure by now you will have heard that on Monday 16th February it emerged that Lime Crime's website had been hacked and thousands of customers' credit card details were stolen. This had apparently first started back in October, but as people didn't realise their details had been stolen because they had made a purchase on Lime Crime's site, it unfortunately continued.

What gets me about this is that it wasn't just people who had recently made purchases that had their details swiped; it was happening to anybody who had made a purchase from the site since October 4th 2014. I myself have ordered from Lime Crime in the past, but luckily for me I used PayPal for the transaction. I had heard that even customers who had used PayPal had been targeted, but Lime Crime have since said this is not the case, phew!

I stumbled upon the whole affair the first day it broke. I was online and decided to check and see if the ever-popular Velvetines had been restocked when I saw that the site was 'down for maintenance'. At the time I didn't read too much into it, but later on I saw a status update from the Lime Crime Facebook page explaining what was going on.

'Lime Crime Customers,
We have received reports of potential data breach on our website due to a hacker attack. We are NOT taking these reports lightly and are working with the authorities to investigate the nature and scope of the incident.
Your trust in us is our absolute priority. We have decided to temporarily disable limecrime.com so we can investigate further and ensure we can provide the secure shopping experience you all deserve. Further updates to follow.'

Needless to say, there were hundreds of comments underneath from concerned customers about what exactly was going on. The next day they posted another update to let us know what was happening.

'Cyber crime is a real thing and, unfortunately, it's common. We have contacted law enforcement and have been working with forensic specialists in order to investigate the incident we believe took place on our website. What we know so far is that we've been attacked by hackers seeking to take credit & debit card data (based on our current investigation PayPal users were NOT affected). We do not yet know the window during which this occurred. We apologize profusely for any frustration this may have caused! At this time, we recommend that you review your banking activity vigilantly and contact your bank or credit card company immediately if any fraudulent transactions occurred. We will be reaching out directly to anyone that may have been affected with additional information and support. We are not going anywhere. All orders placed on the website will still be shipped! limecrime.com will return after we investigate and rebuild a better, safer, more secure platform for you. We will continue to share any information we have and are compiling an FAQ on the incident that will be available shortly.'

Again, there were lots of angry comments from affected customers saying that somebody had used their card online on various sites (even gambling sites such as online poker) and had reached the limit. Some hadn't even realised, and had it not been for their bank contacting them regarding suspicious activity on their account and cancelling the card, the thieves would have got away with more. Lime Crime's Facebook, Twitter and Instagram posted this update on Thursday 19th February:

'Thank you for bearing with us as we further investigate the recent hacker attack on our site. We know it's important to keep you in the loop! Many of you are wondering why we didn't disclose this earlier. The simple answer is: we didn't have any solid facts and couldn't see the magnitude of the situation. Based on just a handful of early complaints, we immediately initiated an investigation. It wasn't until very recently that a cyber forensics company retained by us found malicious software placed on our servers by hackers. Please know that as soon as we had more solid information, we shared it with you promptly and openly.
Some of you also wanted to know why a routine makeup post was removed earlier this week. We removed the post because the discussion was causing confusion and misinformation to our fans and customers. We felt it was important to make a dedicated post addressing the issue and share all the best information available. In retrospect, we agree that it wasn't the best way to handle things and we are sincerely sorry for any frustration it caused.
Currently, we are in the process of compiling a list of everyone affected & will be contacting directly. An FAQ is also under way. We treasure our customers and promise to keep you informed. We appreciate all the support, thank you for sticking by us during these trying times!'

As of today, 23 February, the site is back up and running with a Security FAQ added and an apology from Doe Deere, the founder.

Apology from Doe Deere on limecrime.com
Although this is quite a big deal, it isn't just Lime Crime who have been targeted. This has happened to many big companies and unfortunately will continue to happen. There will always be people out there who will try to take what isn't theirs. This leads me to ask: how safe is online shopping, really? OK, you have the comfort of shopping from your own home, but this also means your money can still be stolen while you're relaxing in your pajamas, just after buying that new pair of boots you wanted, blissfully unaware that right that second somebody was having a spree online courtesy of you.

What do you think? Would something like this make you think twice about shopping online? Let me know in the comments below!