Renowned European contact less merchant Vision Direct has been hit by a data security breach incident causing loss of personal and financial data of their customer during the first week of November. In a security breach notice posted on the company confirmed that in a data theft incident between Nov 3 – Nov 8 all those customers who entered or altered their personal or financial information on website, their information has been disclosed to a intruder. “Between 12.11am GMT 3rd November 2018 and 12.52pm GMT 8th November, the personal and financial details of some of our customers ordering or updating their information on was compromised. This data was compromised when entering data on the website and not from the Vision Direct database. The breach has been resolved and our website is working normally.”, VisionDirect said.

Giving out details on the information stolen VisionDirect wrote “The personal information was compromised when it was being entered into the site and includes full name, billing address, email address, password, telephone number and payment card information, including card number, expiry date and CVV.” They did not provided any number of customer impacted by the breach incident, however confirmed that all those customers who logged in to their account within the specified time period and made any change to their account has been impacted. This also includes those customer who made any transaction on website or mobile app within Nov 3 and Nov 8. The breach not only VisionDirect UK website but also other websites operating allover the Europe such as, and .

VisionDircet has not been able to provide any information on how the incident happened or how the attackers was able to access secure information of the customers, however infosec community on Twitter pointing to Magecart group, a criminal group accused for data theft incidents from several e-commerce websites from past three years. A javascript keylogger which pretend to be Google Analytics code has been identified to be used as digital skimmer which was essentially embedded into a hosted JavaScript library, according to several security researchers Troy Mursch and Mikko Hypponen.

That’s exactly what it was. The data was stolen via a fake Google Analytics script: https://g-analytics[.]com/libs/1.0.16/analytics.js – you can view a copy of the JS via the @urlscanio archive of — Bad Packets Report (@bad_packets) November 18, 2018

When a visitor goes to that website, the Magecart group’s malware will then collect personal details entered on the site. While the script looked like that of Google Analytics, the script (google-analytic[.]com) is not owned by Google

In an earlier incident this year Magecart group has been accused for a massive breach of Ticketmaster causing loss of hundreds of thousands of customer information.

Since every website contains some vulnerabilities which can be exploited at certain point of time by an individual or group with or above certain intelligence level, it is better to be cautious about e-commerce application security before it is too late. If you own an e-commerce website or mobile application and collecting or storing sensitive customer information you might choose to talk with one of our e-commerce appsec expert to learn more on our managed application security solution.