Monday November 19, 2018

Fake Google Analytics Script Exposes Vision Direct Customer Info

The BBC reports that Vision Direct, a European contact lens store, suffered a data breach that exposed the financial info of over 6,600 customers, as well as other personal data of 9,700 more customers. The leaked data includes credit card numbers, expiration dates and CVV codes. Interestingly, a security expert on Twitter claims that a fake Google Analytics script from "g-analytics[.]com" was responsible for the breach, mirroring other recent hacks where malicious code was used to send credit card info to shady URLs. The company's parent firm says it "will compensate any customers who have suffered financial loss as a result of this breach."

"This particular breach is known as Shoplift and was already known to our technology team, who installed a patch provided by our web platform provider to prevent this form of malware," she added. "Unfortunately, this current incident appears to be a derivative against which the patch proved ineffective. We are continuing to investigate the breach and have made numerous steps to ensure this does not happen again."