Lakeland, the home of all things kitchenware, has been hacked.
In an email sent to customers yesterday, it reported it had suffered a “sophisticated and sustained” attack, with the hackers gaining access through a “very recently identified” Java flaw.
Potential security breach of Lakeland website.
Late on Friday July 19th we discovered that the Lakeland website was being attacked by hackers in a sophisticated and sustained attack. Immediate action was taken to block the attack, repair the system and to investigate the damage done and this investigation continues.
Today it has become clear that two encrypted databases were accessed, though we've not been able to find any evidence that the data has been stolen. However, we have decided that it is safest to delete all the customer passwords used on our site and invite customers to reset their passwords next time they visit the Lakeland site. Next time you log-in to your Lakeland account you will be asked to reset your password and provide a new one. It is not necessary to do this straight away, just the next time you want to use the account.
While Lakeland reports it’s found no evidence that any data was stolen when two encrypted databases were accessed, it has reset customers’ passwords anyway.
Lakeland also advised that if you use the same password elsewhere on the web then you should change it straight away.
Good advice. If you use a different password on every account you hold, you make things much more difficult for hackers who might try to gain access to your other online accounts.
So repeat after us: I will not use the same password on multiple accounts.
And use a complicated, hard-to-guess password for each site you use. If you’re worried you won’t be able to remember them all, use a password manager like LastPass or KeePass.
"Today it has become clear that two encrypted databases were accessed, though we've not been able to find any evidence that the data has been stolen. "
So they found evidence that the databases were accessed, but no evidence they copied the database for later cracking? RIIIGHT
I went out to dinner with a bunch of folks a couple of nights ago. Somehow the discussion got around to security. Several of the folks there were alarmed out of their complacency by some of the horror stories that were told, and they had never heard of NakedSecurity.
Most of them were folks to whom the idea of using different passwords for each site with a password manager is still not a part of their world-view, but they think differently now. Pens came out to write down "NakedSecurity.sophos.com", and there will be some new subscribers by now.
No matter how many times we long-time readers have seen the message about not using the same password on multiple sites, it's a message that needs to be repeated for folks who don’t yet know better. They’re the low-hanging fruit who will become victims. If they're your friends, turn them on to NakedSecurity and help them educate themselves. It will make it that much harder on the bad guys, and help make all of us safer.