Kate Dries reports:
The website for the vegan makeup company Lime Crime, whose wares are sold by Urban Outfitters and Nasty Gal, among others, admitted they’d been hacked earlier this week and that customer information has been compromised. But customers are up in arms over the way the site handled telling them that – or not telling them, as the case may be.
While their site is down, Lime Crime has been using Instagram to post updates about the breach. Their data security, notification approach and breach response have not sat well with some. Dries reports:
Many furious commenters on Lime Crime’s Facebook page allege that the company has known about the security flaws in their checkout system for months; some are arguing that Lime Crime was using an expired SSL certificate, which is what is used to secure credit card transactions. Since the fall, customers have been noticing that their credit card information has been stolen after using Lime Crime’s website, but have received no response or action.
“It’s cute how you didn’t bother doing anything about this until it became public,” wrote one woman. “There were people who reported this to you back in November and you didn’t bother until it became bad PR.”
Read more on Jezebel.
As of the time of this posting, Lime Crime’s site is still down.