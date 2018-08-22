Is it a chemist? Is it a drug store? NO it's...

SUPERDRUG is the latest victim of the security soap opera that is data leaks, after being rinsed by cybercriminals.

In an email to all customers on Tuesday, Peter Macnab, boss of Superdrug, which is owned by Hutchison, explained: "On the evening of the 20th of August, we were contacted by hackers who claimed they had obtained a number of our customers' online shopping information.

"There is no evidence that Superdrug's systems have been compromised.

"We believe the hacker obtained customers' email addresses and passwords from other websites and then used those credentials to access accounts on our website.

"The hacker claims that they have obtained information on approximately 20,000 customers but we have only seen 386."

Three and Superdrug are preparing to launch a 4G mobile network together, and possibly sell phones through Superdrug stores. So that inspires confidence.

Although the idea that Superdrug's system being pwned seems to be without foundation, it doesn't appear to be something they'd make-up and so things mascara on as normal.

Oddly, Superdrug hasn't reset everyone's passwords, as is the standard procedure, but simply advises customers that it needs to do it now, and then regularly. You should use at least 10 characters if you can vitamin.

It certainly shouldn't be one of those passwords that looks like a normal password but has fewer letters to get it through airport security (actually, that might be sun cream).

Although Superdrug's reaction seems to be about protecting its customers, it has confirmed it has contacted the police and Action Fraud, the government's fraud and cybercrime division.

Sanjay Ramnath, VP at AlienVault commented on the hack: "It is critical then for organizations within the retail sector to have strong threat detection and response systems in place so that any breaches or attempted breaches can be spotted quickly and the appropriate and timely response taken.

"Complimenting this with up-to-date threat intelligence data that can help identify emerging and popular threats against retailers. If compliance with industry standards like PCI and regulatory standards like GDPR are not found, then the consequences could be dire."

Superdrug has asked all customers to change their passwords and check their security settings. Wella, obviously.

It's pretty easy - just go to the website and click on your mousse.

Remember not to use a password you've used anywhere else. Because you're worth it. μ