They Should Have Seen it Coming – VisionDirect is Hacked


Ted McKendall

Last week, European contact lens supplier Vision Direct announced that it is the latest online vendor to fall victim to a data breach. Does a day go by where an organization is not hacked? The Vision Direct site was reportedly compromised from 12.11am GMT November 3 to 12.52pm GMT November 8. Any customers who were logged in and either ordering a product or updating their details in this time frame will potentially have been affected.


Like many of the breaches we have seen in the news recently, the hackers went for a clean sweep of customer details – with data including full names, addresses, telephone numbers, email addresses, passwords and payment card data all being swiped. The card data lost includes card numbers, expiry dates and CVV codes. This is the holy trinity for criminals, as these are often all the details needed to make purchases using customer cards online. Obtaining the CVV code is especially bad, as this is usually the key in verifying that the online customer is the real card holder.


Vision Direct may seem like an unlikely target for cybercriminals. However, the retailer claims to be Europe’s biggest online seller of contact lenses and eye care products and, as with any merchant that has a high volume of customers going through the site, this will have made it a target for cyber criminals. Although figures on the full extent of the breach have not yet been released, Vision Direct UK and numerous other websites they own across Europe were affected in the hack – so the number is certainly going to be in the several thousands.


Magecart Strikes Again


It has been reported that this breach is once again the work of the MageCart group, based on the code that was used. MageCart have gained quite the reputation since starting operations in 2015 – with recent attacks including those against British Airways, TicketMaster, and Newegg.


Magecart uses web-based, digital card skimmers – scripts that are injected onto the website to directly steal data as the customer enters it onto the payment form on e-commerce websites. In this case, the criminals embedded malicious code posing as Google Analytics into a hosted JavaScript library. Once embedded in the Vision Direct domains, the Magecart malware is then able to collect the personal data visitors enter on the site (such as payment card details).
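A skimmer of the kind described above only works if the injected script is loaded by the checkout page, so one defensive check is to audit the page's script tags against a known-good baseline: every external script must come from an allowlisted host and carry a Subresource Integrity hash, and every inline script must match a recorded hash. The following is an added example, not code from the original post or from Vision Direct; the sample HTML, the host allowlist and the look-alike domain `google-analytics-cdn.example` are all constructed for illustration.

```python
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse


class ScriptCollector(HTMLParser):
    """Collect every <script> tag on a page: its src, integrity attribute and inline body."""

    def __init__(self):
        super().__init__()
        self.scripts = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            a = dict(attrs)
            self._current = {"src": a.get("src"), "integrity": a.get("integrity"), "body": ""}

    def handle_data(self, data):
        if self._current is not None:          # HTMLParser hands script bodies to handle_data
            self._current["body"] += data

    def handle_endtag(self, tag):
        if tag == "script" and self._current is not None:
            self.scripts.append(self._current)
            self._current = None


def inline_hash(body):
    """Stable SHA-256 of an inline script body, ignoring surrounding whitespace."""
    return hashlib.sha256(body.strip().encode("utf-8")).hexdigest()


def audit_scripts(html, allowed_hosts, known_inline_hashes=frozenset()):
    """Return (finding, detail) pairs for scripts that deviate from the baseline."""
    parser = ScriptCollector()
    parser.feed(html)
    findings = []
    for s in parser.scripts:
        if s["src"]:
            host = urlparse(s["src"]).hostname        # None for same-origin relative paths
            if host is not None and host not in allowed_hosts:
                findings.append(("unexpected-host", s["src"]))   # skimmer posing as analytics
            elif not s["integrity"]:
                findings.append(("no-sri", s["src"]))            # allowlisted but unpinned
        elif inline_hash(s["body"]) not in known_inline_hashes:
            findings.append(("unknown-inline", inline_hash(s["body"])))
    return findings


# Constructed sample page: a real-looking analytics tag, an unpinned first-party script,
# a look-alike third-party host and one baseline inline snippet (integrity value is a placeholder).
SAMPLE_PAGE = """<html><head>
<script src="https://www.google-analytics.com/analytics.js" integrity="sha384-PLACEHOLDER"></script>
<script src="https://cdn.shop.example/checkout.js"></script>
<script src="https://google-analytics-cdn.example/ga.js"></script>
<script>window.dataLayer = window.dataLayer || [];</script>
</head><body><form id="payment"></form></body></html>"""
ALLOWED_HOSTS = {"www.google-analytics.com", "cdn.shop.example"}
BASELINE_INLINE = {inline_hash("window.dataLayer = window.dataLayer || [];")}

if __name__ == "__main__":
    for finding in audit_scripts(SAMPLE_PAGE, ALLOWED_HOSTS, BASELINE_INLINE):
        print(finding)
```

Run against a fetched copy of the checkout page on a schedule, a non-empty result is the signal to investigate; the baseline hashes must be refreshed whenever the page legitimately changes.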


How Can We Fight Back?


Customers who entered their details on the Vision Direct website during the affected time window should cancel their cards right away. While their cards may still be sitting in their wallet, they have effectively been stolen, and customers need to take the same recourse they would if the cards had been pickpocketed.


However, the ultimate responsibility for stopping customer-targeting malware campaigns from being successful lies with the retailers themselves. Vision Direct joins the list of organizations to let their customers down when it comes to their data. It’s particularly tragic in this case, as the company explicitly stated on its website that all payments were ‘totally secure’ before the breach happened. VisionDirect – as well as countless other companies – need to ensure that their sites are actually secure, rather than just claiming that they are.


To stop these attacks, businesses need to prevent payment information from leaving their sites. This would mean that – no matter the method of attack – culprits would be thwarted and customer data protected.


Trusted Knight’s Protector Air protects transaction sessions – it’s a cloud-based solution that is invisible to end users and stops transactional fraud by securing the transaction stack, thereby ensuring the integrity of every transaction.

