The Vision Direct Breach

News and information from the Advent IM team.

We are delighted to have a guest post for you from Michelle Horton, Advent IM Security Consultant.

The Vision Direct data breach reminds me of someone dressing up for Halloween and pretending to be something or someone they aren’t for a short period of time, albeit a few days late!

The breach was caused by an analytics script that had “dressed up” as a legitimate Google site, and it even went with the full “face paint” of a fake pop-up that had been designed specifically for the Vision Direct site.

What concerns me is that Vision Direct trades across multiple countries and, in my experience, should have a dedicated, savvy tech team watching out for things like this happening, prepared and ready to catch anything suspicious. When the fake Google script attached itself to the website, using code very similar to Google’s, did their tech team just take a quick look and think, it looks like Google, so it must be Google!? FOR 6 DAYS!?
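A defender-side check of the kind a tech team should be running routinely, as an added example (not Vision Direct’s or Advent IM’s code): a Python audit that lists every external script a page loads, flags hosts missing from an assumed allowlist, and separately calls out hosts that merely resemble an approved brand such as Google. The allowlist, brand hints and sample page are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Third-party script hosts the site owner has deliberately approved
# (an assumed allowlist for this example, not Vision Direct's real one).
ALLOWED_HOSTS = {"www.google-analytics.com", "www.googletagmanager.com"}
# Brand strings whose presence in a non-allowed host is worth flagging.
BRAND_HINTS = ("google", "paypal")


class ScriptCollector(HTMLParser):
    """Collect the src attribute of every <script> tag in a page."""
    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            for name, value in attrs:
                if name == "src" and value:
                    self.sources.append(value)


def audit_scripts(html, allowed=ALLOWED_HOSTS):
    """Return (unexpected_hosts, lookalike_hosts) for the scripts in html."""
    collector = ScriptCollector()
    collector.feed(html)
    unexpected, lookalike = [], []
    for src in collector.sources:
        # scheme="https" lets protocol-relative "//host/path" URLs parse too.
        host = urlparse(src, scheme="https").hostname
        if host is None:  # relative path: a first-party script, skip it
            continue
        host = host.lower()
        if host in allowed:
            continue
        unexpected.append(host)  # not on the allowlist at all
        if any(hint in host for hint in BRAND_HINTS):
            lookalike.append(host)  # and it imitates an approved brand
    return unexpected, lookalike


# Constructed sample page: the genuine GA loader plus an injected impostor
# served from a lookalike host (placeholder domain, not a real indicator).
SAMPLE_PAGE = """<html><head>
<script src="https://www.google-analytics.com/analytics.js"></script>
<script src="//cdn.analytics-google.example/ga.js"></script>
<script src="/static/checkout.js"></script>
</head><body></body></html>"""
```

Running `audit_scripts(SAMPLE_PAGE)` flags only the impostor host, in both lists; run against a nightly snapshot of the live checkout page, a non-empty result is the alert the paragraph above wishes someone had seen on day one.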

6 days of no one really checking the security of these attachments left 16,300 people at risk, and the data exposed included personal, financial and other details. However, no fear, as they ASSUME PayPal transactions are safe. I’m sure that reassures those customers….

Whilst 16,300 people being compromised is a lot of people, can you imagine if this had been executed over the Black Friday and Cyber Monday sales!? Well, maybe it has been executed against another site with custom-built pop-ups! Fingers crossed that if it has, the tech team will pick it up quicker and prevent any damage being done.

What is scary is that the CVV numbers of some customers have been compromised. The CVV number (the last three digits on the back of the card) is meant to be a bit of proof that you have the physical card in front of you when purchasing online or over the phone. A trick for the customer, a treat for the scammer!

This is not the first company this has happened to and it certainly won’t be the last. Attaching malware to consumer sites is quite uncommon, as the hackers rely on visitors coming to the site and entering their details; more usually, malware is deployed to obtain administration login details so the attackers can access a company’s database and all of the confidential information in it. This has happened to eBay and Yahoo. In 2014, Yahoo was attacked and the real names, email addresses, dates of birth and telephone numbers of 500 million users were compromised. eBay reported a cyberattack in May 2014 that exposed the names, addresses, dates of birth and encrypted passwords of all of its 145 million users. Both companies were the victims of hackers using the company network credentials of employees. This is much harder to trace and track, and eBay advised that the hackers had complete inside access for 229 days, during which time they were able to make their way to the user database. In my opinion, employee credentials should be monitored closely, especially administration accounts, and footprints of activity should be analysed for fair usage and unusual activity. Maybe if eBay had done this, the hackers might have had only 2 or 3 days of access rather than 229.

When it comes to being smart about keeping your financial details safe, remember: do not click on pop-ups, check that the website is secure, and never download anything you are unsure of. Make sure the websites you are using show the locked padlock, either in the address bar or somewhere in the bottom right-hand corner of the window. Sometimes breaches like this can happen no matter how on the ball companies, or you, are. Therefore, always keep an eye on your accounts and contact your bank if you think your details have been compromised.