Security Experts:

Connect with us

Hi, what are you looking for?


Incident Response

Vision Direct Reveals Data Breach

Popular European online contact lenses supplier Vision Direct on Monday revealed that customer data was compromised in a data breach earlier this month. 

Popular European online contact lenses supplier Vision Direct on Monday revealed that customer data was compromised in a data breach earlier this month. 

Customers who ordered products or updated their information on the company’s UK website ( between November 3 and November 8 likely had their information stolen, the company said in a disclosure. 

The data became compromised when the users entered it on the website, and not from the Vision Direct database website. Thus, existing personal data previously stored in the database was not affected, the company explains.

The attackers were able to extract customer personal and financial details such as full name, billing address, email address, password, telephone number and payment card information, including card number, expiry date and CVV.

Customers who made orders through PayPal did not have their PayPal accounts compromised, although other personal information, including name and address, might have been accessed.

Vision Direct says the breach has been resolved and that it has already taken the necessary steps to prevent further data theft. The company is also working with the authorities to investigate the incident. 

“Customers who logged into or created a new account between 12.11am GMT 3rd November 2018 and 12.52pm GMT 8th November 2018 may have been affected. We advise any customersaid

In a discussion on Twitter, security researchers who looked into the incident revealed that the data was stolen via a Javascript keylogger placed on the website, similar to the numerous MageCart attacks that made the headlines over the past several months.

Vision Direct customer data was apparently stolen with the help of a fake Google Analytics script. The malware was served from, a fraudulent domain “hosted on a dodgy Russian/Romanian/Dutch/Dubai network called HostSailor,” as security researcher Willem de Groot revealed in September. 

The g-analytics malware has already infected a large number of websites, the researcher revealed at the time. He had been tracking 15 different variations by early September, but the malware used on Vision Direct appears to be a different sample. 

While Vision Direct only mentioned as being compromised, de Groot pointed out on Twitter that the attack hit nearly a dozen of the company’s websites. 

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Expert Insights

Related Content

Data Breaches

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Incident Response

Cygnvs emerges from stealth mode with an incident response platform and $55 million in Series A funding.

Data Breaches

T-Mobile disclosed another massive data breach affecting approximately 37 million customer accounts.

Incident Response

A new Mississippi Cyber Unit will be the state’s centralized cybersecurity threat information, mitigation and incident reporting and response center.

Application Security

GitHub this week announced the revocation of three certificates used for the GitHub Desktop and Atom applications.


Albanian prosecutors on Wednesday asked for the house arrest of five public employees they blame for not protecting the country from a cyberattack by...


Thoma Bravo will spend $1.3 billion to acquire Canadian software firm Magnet Forensics, expanding a push into the lucrative cybersecurity business.