Fake Google Analytics Script Exposes Vision Direct Customer Info

Discussion in 'HardForum Tech News' started by AlphaAtlas, Nov 19, 2018.

  1. AlphaAtlas ([H]ard|Gawd Staff Member; Messages: 1,713; Joined: Mar 3, 2018)

    The BBC reports that Vision Direct, a European contact lens store, suffered a data breach that exposed the financial info of over 6,600 customers, as well as other personal data of 9,700 more customers. Some of the leaked data includes credit card numbers, expiration dates and CVV codes. Interestingly, a security expert on Twitter claims that a fake Google Analytics script from "g-analytics[.]com" was responsible for the breach, mirroring other recent hacks where bad code was used to send credit card info to shady URLs. The company's parent firm says they "will compensate any customers who have suffered financial loss as a result of this breach."

    "This particular breach is known as Shoplift and was already known to our technology team, who installed a patch provided by our web platform provider to prevent this form of malware," she added. "Unfortunately, this current incident appears to be a derivative against which the patch proved ineffective. We are continuing to investigate the breach and have made numerous steps to ensure this does not happen again."
     
  2. Dead Parrot (2[H]4U; Messages: 2,517; Joined: Mar 4, 2013)

    Crap like this is why I run some type of script blocker on all sites. Even [H]. While [H] scripts are allowed, scripts from non-[H] domains are blocked.
     
  3. the_servicer ([H]ard|Gawd; Messages: 1,986; Joined: Aug 16, 2013)

    I have sometimes wondered what third party scripts run on this forum, but I never got around to looking into it.
     
  4. Dead Parrot (2[H]4U; Messages: 2,517; Joined: Mar 4, 2013)

    As I type this, the list as reported by noscript is:
    https://s3.amazonaws.com
    googletagmanager.com
    googletagservices.com

    On the front page there are scripts from 7 non-[H] domains trying to run.
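Added example, not code from the thread or from any site mentioned in it: a small Python audit of a page's `<script src>` hosts against an allowlist of expected third-party domains. It flags the kind of lookalike host described in the first post (g-analytics.com sitting beside the real google-analytics.com) and would produce the same sort of domain list NoScript reports above. The allowlist and the sample page are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Hosts this hypothetical shop expects to serve scripts; anything else is flagged.
ALLOWED_SCRIPT_HOSTS = {"www.google-analytics.com", "www.googletagmanager.com"}

class ScriptSrcCollector(HTMLParser):
    """Collect the src attribute of every <script> tag in the page."""
    def __init__(self):
        super().__init__()
        self.srcs = []
    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.srcs.extend(v for k, v in attrs if k == "src" and v)

def name_tokens(host):
    """Name fragments of a host, ignoring 'www' and the TLD: 'g-analytics.com' -> {'g', 'analytics'}."""
    labels = [l for l in host.split(".") if l != "www"][:-1]
    return {t for l in labels for t in l.split("-") if t}

def classify_host(host, allowed=ALLOWED_SCRIPT_HOSTS):
    """'same-origin' (no host), 'allowed', 'lookalike' (shares a fragment with an allowed host) or 'unknown'."""
    if host is None:
        return "same-origin"
    if host in allowed:
        return "allowed"
    if any(name_tokens(host) & name_tokens(a) for a in allowed):
        return "lookalike"
    return "unknown"

def audit_script_hosts(html, allowed=ALLOWED_SCRIPT_HOSTS):
    """Return (src, verdict) for every script reference in the page."""
    collector = ScriptSrcCollector()
    collector.feed(html)
    results = []
    for src in collector.srcs:
        host = urlsplit(src).hostname  # None for relative paths; handles '//host/x' too
        results.append((src, classify_host(host.lower() if host else None, allowed)))
    return results

def flagged_scripts(html, allowed=ALLOWED_SCRIPT_HOSTS):
    """Only the script sources a reviewer should look at: lookalike or unknown hosts."""
    return [src for src, verdict in audit_script_hosts(html, allowed) if verdict in ("lookalike", "unknown")]

# Constructed sample page: a real GA tag next to a typosquatted copy and an unknown CDN.
SAMPLE_HTML = """<html><head><script src="/js/checkout.js"></script>
<script src="https://www.google-analytics.com/analytics.js"></script>
<script src="//g-analytics.com/ga.js"></script>
<script src="https://cdn.example-cdn.net/lib.js"></script></head></html>"""
```

The lookalike check is a coarse heuristic (shared name fragment), so an unknown host that shares nothing with the allowlist still lands in the review queue as "unknown" rather than being silently accepted.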
     
  5. katanaD ([H]ard|Gawd; Messages: 1,987; Joined: Nov 15, 2016)

    Wait... they are calling this a security breach? Their web team downloaded a script from a bogus domain and ran that instead of a legit one.
     
  6. Space_Ranger (Gawd; Messages: 630; Joined: Jul 13, 2007)

    What bothers me more is the fact that they were storing the CVV of the card. That's strictly against PCI-DSS compliance.
     
  7. jedijeb13 (Limp Gawd; Messages: 302; Joined: Feb 15, 2017)

    Google is one of the main domains I always block scripts from. Facebook is number 2.