Late in December 2010, the Poole-based cosmetics company Lush released a statement saying they’d been hacked. They claimed anyone who placed an order online with them between the 4th of October and the 20th of January (this included me, FYI) were now at risk of having their credit card data stolen. Many old media outlets were quick to vilify the hackers, or sketchy in their articles [http://www.bbc.co.uk/news/uk-england-dorset-12248992], but some chose to quote the public, those affected by the attack. “Graham Cluley, a senior technology consultant, said: ‘Why was the customer credit card information not encrypted? If it had been strongly encrypted then, although a hack might have been embarrassing, customers would not necessarily be at risk of fraud.
All companies need to treat the security of their customers’ personal information and credit card data seriously to reduce the chances of hackers being able to cause harm and corporate embarrassment.’” http://www.dailymail.co.uk/news/article-1349513/Thousands-bank-details-risk-hackers-hit-Lush-website.html
This quote, and many more like it, shows that many modern day citizens are v
ersed in computer safety, and believe it to be the resoposability of the website to protect and care for consumers data. Many new media outlets took a very firm stance against the company. They pointed out that the “Lush’s statement leaves plenty of questions unanswered, not least how many records were exposed by the attack and what went wrong with its UK site” [http://www.theregister.co.uk/2011/01/21/lush_cosmetics_hack_attack/], indicating that the time span in which data was put at risk indicate severe incompetence by the company. New media outlets report how “Noa Bar-Yosef, senior security strategist at Imperva, said: “It seems that Lush online application is riddled with vulnerabilities. They even comment on continuing to be a target and so they’re taking the website down. So it’s not just one sole vulnerability that could have been quickly fixed, but lots of security issues which would require a security overhaul.”
He said it appeared that the attack “clearly shows that L
ush was in breach of PCI DSS compliance,” – the regulations that bind etailers who accept Visa and Mastercard payments.” [http://www.internetretailing.net/2011/01/hacked-lush-site-seems-to-have-been-riddled-with-vulnerabilities/]
This difference in media portrayal shows the differen
ce between the uneducated old media, quick to vilify the hackers and victimise the webshop, and the slightly more hacker savvy, slightly more understanding new med
ia outlets, who hold unprotected websites and badly designed webshops accountable, calling them out as being careless and flawed. It is in cases like this that we see the start of the fracture separating the media’s portrayals.
Hacking in the Media 