'Lakeland resets passwords after security breach' diff viewer (0/1)

This article is from the source 'bbc' and was first published or seen on July 24, 2013 14:12 (UTC). It last changed over 40 days ago and won't be checked again for changes.

You can find the current article at its original source at http://www.bbc.co.uk/news/technology-23437064

The article has changed 3 times. There is an RSS feed of changes available.

Previous version 1 2 Next version

Previous version 1 2 Next version

Version 0	Version 1
~~Lakeland warns of security breach linked to Java flaw~~	Lakeland resets passwords after security breach
2013-07-24 14:15:19 UTC	2013-07-24 14:50:06 UTC (35 minutes later)
Homeware retailer Lakeland has warned shoppers who have used its website that their details may have been compromised.	Homeware retailer Lakeland has warned shoppers who have used its website that their details may have been compromised.
The firm said that two of its encrypted databases were accessed during a cyber-attack, although it was not clear if any data was stolen.	The firm said that two of its encrypted databases were accessed during a cyber-attack, although it was not clear if any data was stolen.
It added that it had reset all customers' passwords as a precaution.	It added that it had reset all customers' passwords as a precaution.
~~The Cumbria-based company blamed a problem in ~~Oracle's~~ ~~Java~~ software for having made it vulnerable.~~	The Cumbria-based company blamed a problem in Java-based software for having made it vulnerable.
"Lakeland had been subjected to a sophisticated cyber-attack using a very recently identified flaw in the Java software used by the servers running our website, and indeed numerous websites around the world," said its managing director Sam Rayner.	"Lakeland had been subjected to a sophisticated cyber-attack using a very recently identified flaw in the Java software used by the servers running our website, and indeed numerous websites around the world," said its managing director Sam Rayner.
"This flaw was used to gain unauthorised access to the Lakeland web system and data."	"This flaw was used to gain unauthorised access to the Lakeland web system and data."
He added that his firm first became aware of the incident on Friday and that it had happened despite "best efforts" to "use the best security systems available".	He added that his firm first became aware of the incident on Friday and that it had happened despite "best efforts" to "use the best security systems available".
~~Java~~ ~~updates~~	Server software
A spokeswoman added that Lakeland intended to be "open and honest" with customers about the incident and that its teams had worked "around the clock" to identify and block the problem.	A spokeswoman added that Lakeland intended to be "open and honest" with customers about the incident and that its teams had worked "around the clock" to identify and block the problem.
However, she was unable to say what information had been contained in the attacked databases and what type of encryption had been used to protect it.	However, she was unable to say what information had been contained in the attacked databases and what type of encryption had been used to protect it.
Nor was she able to say whether the firm's IT provider - whom she would not name - had installed an up-to-date version of Java on its computers.	Nor was she able to say whether the firm's IT provider - whom she would not name - had installed an up-to-date version of Java on its computers.
~~Oracle~~ ~~has~~ ~~recently~~ ~~accelerated~~ ~~the~~ ~~pace~~ at ~~which~~ it is ~~issuing~~ ~~updates~~ to the ~~software.~~	Lakeland added that it planned to give the police details about the investigation carried out by its own security experts who had advised it not to make further information public at this point.
~~The~~ ~~head~~ of the ~~Java~~ ~~platform's~~ ~~development~~ ~~team,~~ ~~Nandini~~ ~~Raman,~~ ~~blogged~~ in ~~May~~ ~~that~~ a ~~"historically~~ ~~high~~ ~~number~~ of ~~security~~ ~~fixes"~~ ~~had~~ ~~been~~ ~~released~~ in ~~recent~~ ~~months~~ ~~following~~ ~~media~~ ~~reports~~ of ~~vulnerabilities.~~	One security researcher said the incident should act as a "wake-up call" to other firms using Java-based software on their back-end systems.
~~But one security researcher said the incident should still act as a "wake-up call" to other firms using Java on their back-end systems.~~
"Almost always when you hear warnings about Java it is about an outdated version of the web browser plug-in making the computer vulnerable to exploits coming from hacked websites - that's not what happened here," said Mikko Hypponen, chief research officer at F-Secure.	"Almost always when you hear warnings about Java it is about an outdated version of the web browser plug-in making the computer vulnerable to exploits coming from hacked websites - that's not what happened here," said Mikko Hypponen, chief research officer at F-Secure.
"Here they were running Java on the server side which was somehow remotely breached, this is a much rarer way of attacking systems.	"Here they were running Java on the server side which was somehow remotely breached, this is a much rarer way of attacking systems.
~~"The big picture is that Oracle has a lot to do. When you compare it to how much Microsoft and Adobe have improved their security over the last years, Oracle still has a lot to catch up with."~~
He added that it would be helpful if Lakeland could provide more details of what had happened so that others could learn from the attack.	He added that it would be helpful if Lakeland could provide more details of what had happened so that others could learn from the attack.