The dangers of running a popular e-commerce site were highlighted again today after cosmetics firm Lush warned customers that it has been forced to close its web site because of repeated hacking attempts.
A statement on the site explained that Lush.co.uk is "still being targeted and there are continuing attempts to re-enter".
Lush advised any customers who had placed online orders between 4 October 2010 and 20 January 2011 to contact their banks for advice, as their card details may have been compromised.
Angry customers took to the firm's Facebook page to vent their frustration, many of them revealing that their card details had already been used to make fraudulent purchases.
"Both mine and my parents' cards have been frauded, there is no proof of source, but we both recently made online payments to Lush UK," wrote Melissa Leyland.
"I would strongly advise anyone who has made a purchase to CANCEL YOUR CARD WITH IMMEDIATE EFFECT!!!. Our cards have been frauded with a mixture of transactions including EasyJet flights."
Another Lush customer, Samantha Lynne, expressed relief that she had never placed an online order with the firm.
"I'll be telling all of my friends, too. This kind of blatant disregard for the security of customers' information is just unacceptable," she added.
The company has decided to retire the current site in the next few days and replace it with a temporary site which will take only PayPal payments.
Lush said that it will work with the police and banks to "do all we can to bring this branch of organised crime to justice".
"If you are reading this, our web team would like to say that your talents are formidable," the firm added in a statement clearly directed at the hackers.
"We would like to offer you a job, were it not for the fact that your morals are clearly not compatible with ours or our customers'."
Many details of the incident remain unclear, such as how many cards could have been compromised and how the hackers gained entry to the cosmetics firm's back-end systems.
Trend Micro senior security advisor Rik Ferguson argued that firms need to undergo regular vulnerability scanning from the inside and outside as well as operate access rights on the principle of least privilege.
"Consumers should be demanding more services such as one-time credit card numbers from their financial institutions to afford them more protection when shopping online," he added in a blog post.
"One-time credit card numbers were introduced back in 2000 by AmEx but have not been as widely adopted by consumers as I would have expected."
Security vendor Panda Security warned on Thursday of a huge black market trade in stolen credit card and other financial data.