How Hackers Are Using Affiliate Links to Try and Steal Data

Recently, we have noticed an increase in hacker activity in the affiliate space. More and more hackers are using affiliate links to hack into affiliate networks in an attempt to steal data. These hackers clearly know how affiliate links work, and are using sub IDs in order to gain access to the networks’ databases, which can give them access to user accounts and in extreme cases possibly payment information.


What is SQL Injection?

An SQL injection is when an unauthorized outside party uses SQL commands to break into a secure database. Traditionally this happens when a website allows a user to enter information, like when entering username and password on a login page, or details in a contact form. When the code is submitted to the back end it acts as a continuation to the code designed to run by the system and performs actions based on what the hacker wants to achieve.

How It Works

In our case the hackers aren’t using a contact form or a login page to hack the network, instead they are using affiliate links taken from your website. Hackers are taking over affiliate links through click bots, and insert malicious code in the sub ID value of those links. This acts kind of like a submission, and the code attempts to run itself on the back end of the network.

Generally the code used is an attempt to download the network’s database and then they can do whatever they want, even access payment information and possibly even change the destination of your commission to their account.

SQL Injection and Affiliates

In this day and age the majority of networks will be aware of this kind of attack and already have protection in place, however SQL injection is still so common because it works and we all need to be aware of it.

On a base level these attacks are skewing your data, they are running fraudulent clicks in an attempt to break into the networks and an unknown number of clicks are not from actual users but systems or people trying to hack the network.

If an attack were to succeed these hackers could gain access to your data and even potentially redirect commission payout to their accounts.

How To Protect Yourself?

When you have full visibility of your data and are able to audit it easily & thoroughly, then anything that looks out of place will become highly visible. At Trackonomics we have seen this happen on a number of networks and across multiple publishers. Our tech and regular data audits have made it obvious to us and our clients when this happens and we have been quick to react alerting both our clients and the networks of the attempted attacks, in most cases we have been the ones to raise the red flag to the network instigating the investigation. The Trackonomics platform also allows us to easily filter out fraudulent sub IDs giving us a much clearer picture of the true number of genuine clicks .

This article was written by Ben Sheridan, Lead Developer / Client Dev Pod.