Cyber Incident Victim: SOCIAPlus

Date:

Jun 2018

Location:

Hong Kong

Summary

A Hong Kong-based travel company experienced a data breach when attackers used malicious JavaScript code linked to a third-party analytics tool integrated into its website. The compromise exposed personal information and credit card details for approximately 8% of customers who conducted transactions via the website over a multi-month period, though mobile app users remained unaffected. The company contained the incident upon discovery, removed the malicious code, and engaged a cybersecurity firm to investigate. Unauthorized access occurred through the compromised third-party script, affecting website transactions made during the exposure window before mitigation.

Description

On June 29, 2018, Hong Kong-based travel booking platform Klook notified customers of a data breach resulting from unauthorized access to its systems. The compromise occurred via malicious JavaScript code linked to SOCIAPlus, a third-party web analytics tool integrated into Klook’s website. Attackers used this code to extract customer data between December 11, 2017, and June 13, 2018. Klook confirmed the breach originated from the infected SOCIAPlus script after coordinating with the third-party provider. Investigations estimated approximately 8% of Klook’s customer base was affected, with compromised data including personal details and credit card information. Only users who conducted transactions through Klook’s website during the exposure window were impacted; mobile app users remained unaffected. The company contained the breach upon detection but acknowledged data exfiltration had already occurred during the active intrusion period.

Klook engaged cybersecurity firm Kroll to investigate the incident and removed the malicious JavaScript from its platform. The company issued direct notifications to affected users and publicly confirmed the breach was contained. While declaring the threat resolved, Klook advised customers to monitor financial accounts for suspicious activity and reset their platform passwords as a precaution. Internal assessments confirmed the breach’s scope was limited to web transactions during the six-month exposure window, with no evidence of ongoing system compromise after June 13, 2018. Klook’s response emphasized transparency through FAQs and a press release detailing the intrusion vector and remediation steps.
