Schedule Free Consultation
3 min read

Prevent Your GA Data From Getting Hijacked

Jun 25, 2019 12:00:00 PM

I know it sounds a bit funny, but people really do try to hack Google Analytics accounts.

Of all the things they could try to hack — bank accounts, credit card numbers, email addresses — some hackers have chosen Google Analytics.

So, no, this is not some kind of weird April Fools joke. And it certainly won’t be funny if it happens to you.

You’ll have to deal with the major inconvenience of having someone ruin the good data you’ve spent all this time collecting.

It doesn’t happen often, but it does happen. Luckily, there’s a pretty simple way to protect yourself.

What Does Hacking Google Analytics Even Look Like?

There are consultants out there who get paid by the number of impressions they can drive to a person’s website.

To be clear, there’s nothing wrong with this. However, some of these people use less-than-legitimate methods to drive traffic to the websites they are working for.

One way they try to get traffic is to hack into someone else’s Google Analytics and inject data from their site into your report.

What they’re hoping is that you’ll see a link to their website in your report, wonder what it is and click on the link. Boom. They just got paid.

Now, if they were actually good at their jobs, they would be able to drive legitimate traffic to their clients, but that’s another story.

What you need to worry about is the fact that you now have a bunch of illegitimate data on your Google Analytics report, and there isn’t a way to separate the good from the bad. It’s just ruined.

Hacking GA usually comes from people with these kinds of intentions. Either that, or you’ve created a mortal enemy somewhere who wants to take you down by ruining your data.

How Does Google Analytics Hacking Work?

It’s actually a lot simpler than you might think to corrupt someone’s analytics data.

Every GA user has to put a piece of code on their website. This code sends information back to Google, which puts it all together in a nice, little report for you.

Part of the code used includes what is called a “Property ID.” This ID is generated specifically for each individual user.

To find someone’s Property ID you just have to go into the source code of their website and look for it. It is not difficult to find.

Once you have it, you then take that code and place it in the GA code on your site.

By doing this, you’re telling Google to send the information from your site to this specific Google Analytics account. Now every time someone visits your website, the data is sent to that account.

Once it starts sending, there is no way to separate the data.

Everything someone needs to do this is public information, and it will ruin your data collection.

How To Prevent Your Google Analytics From Being Hacked

Luckily for you, preventing your data from being compromised is just about as simple as hacking it would be.

All it takes is one filter in Google Analytics.

Go to the view you want to create the filter in and add a new filter.

  • The first thing you’ll want to do is name your filter.
  • Next create a custom filter and hit “Include”
  • Put “Hostname” as the Filter Field
  • Put your URL as the Filter Pattern. Before the “.” put “\”

Keep in mind that once you complete this filter, you have to apply it to all of the views in all of your properties. Adding it to one will only protect that filter. You want to make sure all of your data is protected.

The other thing you have to do is be careful. Filters are very serious business. Messing them up can have a disastrous effect on your reporting.

Test your filter before you start applying it to your website. You should have a testing view in analytics, so use that and make sure it works before you apply your filter to real data.

Learn More About Googles Analytics

It doesn’t happen often, but people do hack Google Analytics accounts. It is very simple, and anyone with a bit of knowledge can do it. Creating a filter is the only way to protect yourself from having your data ruined. Better safe than sorry.


Jeremy Smith

Written by Jeremy Smith

Digital marketer with a penchant for dance; helping clients see the light through the jungle of tweets since before Twitter was cool.

Most Popular Blog Posts