Vision Direct, the company which considers itself the number one destination for contact lenses in the UK has been involved in a massive credit card scam.
The European online contact lens provider revealed that personal information and credit card details of many of its customers had been stolen.
The hackers had gained full access to the customers’ details which is extremely concerning, especially for such a massive business as vision direct.
Compromised data included full name, billing address, email address, password, telephone number, and payment card information, including card number, expiry date and Card Verification Value (CVV).
It is unclear how many customers have been affected, and the company hasn’t given many details as of yet.
The company did inform that users who were logged onto the site between 12.11am GMT November 3, 2018, and 12.52pm GMT on 8th November had their data compromised.
Vision direct told about these hacks through a blog on its website.
Users who were updating their info or placing an order on the company’s official site during that particular timeframe were most likely who got their data stolen.
The company says that it notified its customers about the hacks via email. It also advised customers to contact their bank or credit card provider and follow their advice.
The contact lens provider stated that any existing personal data that was previously stored in the company’s database remained unaffected by the hack.
All payment card data was saved with a third party that served as Vision Direct’s payment providers.
This way any payment card information that was existing already did not get affected by the breach.
Mastercard, Maestro, and Visa were the three credit card companies that got affected.
It seems Vision Direct’s UK website was affected by a fake Google Analytics script.
Another cause for the concern is that Vision Direct’s other domains might have been compromised as well.
The company also answered a couple of FAQs on their website to help customers with any of their pressing concerns.
The company said their site is back in its normal working order. So customers can place their orders without any fear.
Any remaining orders will be taken care of, and customers should receive their order on time.
Vision Direct also sent a separate email to customers who it believed had their information stolen.
The email contained information on how to reset customers’ password.
Even though major credit cards were breached, it seems PayPal accounts might still be safe. The company still warns customers that it is better to contact PayPal since their address and phone number was leaked.
A shady Russian group seems to behind the hack. The fake script seems to be hosted on a suspicious Russian network known as HostSailor. Such incidents have become everyday news by now. Bitcoin scams are the latest trend in the world of digital scams.
Many high profile companies including Target and Google have had their official Twitter accounts hacked to run Bitcoin scams.
With such news, it is everyone’s responsibility to keep their online presence as safe as possible.
Muhammad Abdullah
Areen Zahra
