VisionDirect suffers data leakage caused by MageCart script

VisionDirect, an online store that sells contact lenses, has reported that it suffered a data leak from November 3-8, 2018. As indicated in their announcement, only people who logged into the website in the specified date range were affected.

Among the information exposed are: full name, billing address, email address, password, telephone number and payment card information including number, expiration date and CVV (Card Verification Value).

The security breach was caused by the MageCart script, which captures payment and account information when it is entered into a form or submitted. Apparently, malicious JavaScript code was added that was intended to impersonate Google Analytics in several VisionDirect domains.