If you have been paying attention at all to the goings on in information security this year you will have heard of the Magecart hacker group. Magecart successfully hacked several high profile targets and stole the personal information and credit card details of hundreds of thousands of people.
Just stop and think about the number of payment and checkout flows in the world that will have Google Analytics loaded on them. After all the whole point of Google Analytics is gaining insight in user behaviour and a crucial part of that is establishing CLTV, customer lifetime value, which Google Analytics can of course help with. Personally I think this prospect is absolutely terrifying.
Google is one of the richest and most powerful companies in the world and as such is a very difficult target to successfully attack. However they have certainly been hacked previously and even the most hardened security processes aren’t foolproof. Nothing is impossible to hack.
- Hack Google Analytics. Left as an exercise to the reader.
- Inject PII and credit card siphoning code in their delivery scripts. Maybe steal some code from Magecart, just remember to change the collection server.