Re-used your creds elsewhere? Might wanna change those
Children’s shoes retailer Start-rite Shoes has suspended sales following the discovery of an attack by hackers last weekend.
UK-based Start-rite reckons hackers may have obtained the names, postal addresses, telephone numbers and email addresses of its clients.
Payment details are not stored on the site and therefore should be safe.
Start-rite has nonetheless decided to suspend ops in order to run a full security audit, as an advisory note by the retailer explains:
At the weekend, an unauthorised person managed to breach the security of our website and we reacted immediately implementing a security fix.
As an extra precaution we have temporarily taken startriteshoes.com offline whilst we implement a full security audit.
Our system doesn’t allow us to currently take orders or payment over the phone, so clients should be wary of approaches on that front because they are likely to come from criminals.
A heightened risk of phishing in general is the biggest practical outcome of the breach.
Although reassuring customers that “password information is also secure”, Start-rite is still advising customers to change their login credentials once the site is back up and running.
This isn’t terribly reassuring, especially when set alongside Start-rite’s advice to change passwords on third-party sites should customers have re-used the same login credentials elsewhere.
A simple statement that passwords were hashed and salted using industry best practices would have been more reassuring.
All this aside, Start-rite is apologising to its customers for its temporary suspension of services, though the likely duration is currently unclear.
It promised to run a sale offering 20 per cent off full-priced items and a 70 per cent discount on select goods once it returns online.
The front page of Start-rite’s site states that the site is down for maintenance work, which is taking longer than expected.
Information on the breach comes from a customer notification email seen by El Reg.
Norwich-based Start-rite – which describes itself as a world leader in children’s fitted footwear – is yet to confirm a breach via its official Twitter feed either. El Reg invited it to clarify the situation but is yet to receive a reply.
Thanks to Reg reader Leo for the heads-up on the breach.