Cyber Incident Victim: SOCIAPlus
Date:
Jun 2018
Location:
Hong Kong
Summary
Klook Travel disclosed that attackers accessed its system by injecting malicious JavaScript code linked to the third‑party analytics tool SOCIAPlus, exposing personal information and credit‑card data of roughly eight percent of its customers who had made purchases through the website. The compromised data included details from transactions conducted on the site during the period when the malicious script was active, while users of the mobile application remained unaffected. Upon discovery, the company removed the malicious code, engaged the cybersecurity firm Kroll to investigate, and confirmed that the breach had been contained.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 3 motives | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On June 29, 2018, Klook Travel issued a press release informing users that it had suffered a data breach. The company stated that the breach resulted from malicious JavaScript code associated with a third‑party web‑based analytics tool named SOCIAPlus, which Klook had integrated into its website. Upon inquiry, the third‑party provider confirmed that the source of the breach was a single piece of infected JavaScript code. Klook said it became aware of the unauthorized access on that date and began an investigation immediately.

The breach potentially exposed personal information and credit‑card details of customers who made transactions through the Klook website between December 11, 2017, and June 13, 2018. Klook estimated that roughly eight percent of its total customer base was affected, while users of the Klook mobile app remained uncompromised because the breach only impacted web‑based transactions. The company noted that it had contained the breach shortly after discovery but could not prevent the data from being accessed during the period of exposure.
In response, Klook removed the malicious JavaScript from its site and engaged the cybersecurity firm Kroll to conduct a thorough investigation. The company notified the affected victims of the incident and advised them to monitor their account transactions vigilantly and to change their Klook account passwords. Klook asserted that the breach was now over and that it had taken steps to secure its systems against similar threats.
