Skip to main content

Vision Direct suffers major consumer hack

(Image credit: Image Credit: Blogging Beautifully)
Audio player loading…

The personal details, including credit card numbers, expiration dates and CVV codes, of thousands of Vision Direct customers have been exposed following a hack against Europe's largest online seller of contact lenses and eye care products.

The online retailer noted that anyone who entered their details into its site between 3 and 8 November could be affected with 16,300 customers identified as being at risk.

Vision Direct revealed that a fake Google Analytics script hidden within its sites' code was the cause of the hack and that its UK site was involved as well as local versions for Ireland, the Netherlands, France, Spain, Italy and Belgium.

A company spokesperson told the BBC that 6,600 customers were believed to have had their financial data compromised while 9,700 people had just their personal data exposed.

Shoplift malware

Vision Direct's spokesperson provided further details on the cause of the breach to the BBC, saying:

"This particular breach is known as Shoplift and was already known to our technology team, who installed a patch provided by our web platform provider to prevent this form of malware. Unfortunately, this current incident appears to be a derivative against which the patch proved ineffective. We are continuing to investigate the breach and have made numerous steps to ensure this does not happen again."

After news of the attack spread, Vision Direct apologised to those who were affected by the hack in a statement on its site in which it urged anyone who updated their details between 3 and 8 November to contact their banks and or credit card providers, saying:

"The personal information was compromised when it was being entered into the site and includes full name, billing address, email address, password, telephone number and payment card information, including card number, expiry date and CVV. We understand that this incident will cause concern and inconvenience to our customers. We are contacting all affected customers to apologise."

The company also noted that those who used PayPal during the period might have had their personal details exposed but their payment details should be safe.

Via the BBC

Anthony Spadafora

After living and working in South Korea for seven years, Anthony now resides in Houston, Texas where he writes about a variety of technology topics for ITProPortal and TechRadar. He has been a tech enthusiast for as long as he can remember and has spent countless hours researching and tinkering with PCs, mobile phones and game consoles.