Menu
Browse

Cyber Incident Victim: SOCIAPlus

Date:

Jun 2018

Location:

Hong Kong

Summary

Klook Travel disclosed that attackers accessed its system by injecting malicious JavaScript code linked to the third‑party analytics tool SOCIAPlus, exposing personal information and credit‑card data of roughly eight percent of its customers who had made purchases through the website. The compromised data included details from transactions conducted on the site during the period when the malicious script was active, while users of the mobile application remained unaffected. Upon discovery, the company removed the malicious code, engaged the cybersecurity firm Kroll to investigate, and confirmed that the breach had been contained.

CIA Posture Motives Tactics, Techniques & Procedures
Available to members 3 motives 1 technique
Threat Actor Type Location
1 actor Available to members Available to members

Description

On June 29, 2018, Klook Travel issued a press release informing users that it had suffered a data breach. The company stated that the breach resulted from malicious JavaScript code associated with a third‑party web‑based analytics tool named SOCIAPlus, which Klook had integrated into its website. Upon inquiry, the third‑party provider confirmed that the source of the breach was a single piece of infected JavaScript code. Klook said it became aware of the unauthorized access on that date and began an investigation immediately.

Cyber Incident Image

The breach potentially exposed personal information and credit‑card details of customers who made transactions through the Klook website between December 11, 2017, and June 13, 2018. Klook estimated that roughly eight percent of its total customer base was affected, while users of the Klook mobile app remained uncompromised because the breach only impacted web‑based transactions. The company noted that it had contained the breach shortly after discovery but could not prevent the data from being accessed during the period of exposure.

In response, Klook removed the malicious JavaScript from its site and engaged the cybersecurity firm Kroll to conduct a thorough investigation. The company notified the affected victims of the incident and advised them to monitor their account transactions vigilantly and to change their Klook account passwords. Klook asserted that the breach was now over and that it had taken steps to secure its systems against similar threats.

Sources
Sources available to members
1 source