VisionDirect Blindsided by Magecart in Data Breach


VisionDirect Blindsided by Magecart in Data Breach (Nov 19, 2018)

UK-based optical lens site, VisionDirect, announced that they suffered a data breach that compromised customers’ personal and bank details. The breach disclosure stated that the incident occurred between November 3 through 8, 2018. Only information entered or updated in the system during those days were compromised, so existing customers who were not active at all between the 3rd and 8th, are unaffected. The information compromised includes addresses, card numbers, CVVs, email addresses, expiration dates of cards, names, passwords, and telephone numbers. Independent security researchers discovered that a JavaScript keylogger was injected into the VisionDirect’s website, so it is highly suspected the threat group, MageCart, is behind this.

Recommendation: Leaks of this sort leads victims to be at a large risk of phishing attacks. Actors can use this information to coerce more personal data from the victim. Individuals who have accounts associated with this story should change their passwords as soon as possible, particularly if passwords for said accounts are the same to other online accounts. Monitor your bank transactions closely to ensure no malicious activity is occurring.

Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.