Klook Travel Suffered Data Breach Exposing Users’ Credit Card Details

It would seem the last week has been full of data breaches, with Ticketmaster and Adidas both facing major incidents. Here is another one: Hong Kong-based Klook Travel also suffered a data breach in the same week.

Klook Travel Suffered Data Breach Affecting Users

On June 29, 2018, Klook Travel informed its users about a data breach it had suffered. Its press release gives the details of the incident, along with FAQs answering questions customers may have.

As explained in the statement, the hackers managed to access their system through malicious JavaScript code associated with a third-party tool integrated on the site.

“Klook has become aware that certain customer information may have been accessed without authorization, as a result of a malicious JavaScript code associated with a third-party web-based analytics tool, SOCIAPlus (the “third-party provider”), which Klook used on its website. Upon inquiry, Klook received confirmation from the third-party provider that the source of the data breach was a single piece of JavaScript code that was infected.”

Although investigations are still underway, Klook estimates that around 8% of all customers are affected. Klook Travel has already notified the victims of the breach.

Klook Contained The Breach – Yet Some Information Compromised

The company claims to have contained the breach right after noticing it. However, it could not protect data from being accessed while the breach was ongoing. The compromised data includes personal information of some users, as well as credit card details.

“The incident resulted in the possible compromise of personal data and credit card information provided by customers. Transactions made on the Klook website between December 11, 2017, to June 13, 2018, may have been impacted.”

Nonetheless, the users of Klook’s mobile app remained safe. The breach only affected transactions made directly through the Klook Travel website.

Klook has also engaged a cybersecurity firm, Kroll, to investigate the matter, and has removed the malicious JavaScript. The company assures users that the breach is now over. Yet, as a precaution, it recommends that users monitor their account transactions vigilantly and change their Klook account passwords.
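
A third-party script that changes underneath the site loading it, as in the incident above, is the case Subresource Integrity (SRI) pinning is designed to catch. The audit below is an added example, not code from Klook, SOCIAPlus or the original article; the hostnames, page markup and script bodies are constructed, and `audit_page` is a hypothetical helper name.

```python
import base64
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse

def sri_hash(body: bytes) -> str:
    """Subresource Integrity value (sha384) for a script body."""
    return "sha384-" + base64.b64encode(hashlib.sha384(body).digest()).decode()

class ScriptAudit(HTMLParser):
    """Collect (src, integrity) for every external <script> tag."""
    def __init__(self):
        super().__init__()
        self.scripts = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "script" and a.get("src"):
            self.scripts.append((a["src"], a.get("integrity")))

def audit_page(html: str, first_party_host: str, served: dict) -> list:
    """Flag third-party scripts that are unpinned or no longer match their pin."""
    parser = ScriptAudit()
    parser.feed(html)
    findings = []
    for src, integrity in parser.scripts:
        host = urlparse(src).netloc
        if not host or host == first_party_host:
            continue  # same-origin script: out of scope for this check
        if not integrity:
            findings.append((src, "no integrity attribute"))
        # served maps URL -> bytes currently delivered (fetched by the caller)
        elif src in served and sri_hash(served[src]) not in integrity.split():
            findings.append((src, "served content does not match pinned hash"))
    return findings

# Constructed sample: a checkout page and two third-party scripts.
ORIGINAL = b"track('pageview');"
MODIFIED = ORIGINAL + b"/* extra code added upstream */"
PAGE = f"""<html><body><form id="payment"></form>
<script src="/static/app.js"></script>
<script src="https://analytics.example/tag.js"></script>
<script src="https://cdn.example/widget.js" integrity="{sri_hash(ORIGINAL)}" crossorigin="anonymous"></script>
</body></html>"""

if __name__ == "__main__":
    served = {"https://cdn.example/widget.js": MODIFIED}
    for src, finding in audit_page(PAGE, "shop.example", served):
        print(f"{src}: {finding}")
```

A browser enforces the same comparison at load time and refuses to run a pinned script whose hash no longer matches; a script with no `integrity` attribute runs whatever the provider serves.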
