How to Protect Google Analytics Data from Being Hacked

UPD. This information is not relevant to Universal Analytics (UA) but will be helpful for those who work with Google Analytics 4 (GA4). 

GA4 is a new version of analytics from Google that will replace UA on July 1, 2023. It’s a new tool for cross-device tracking with a different way of gathering data and advanced analytics features.

To learn more about it, check out our newest article. If you need help with migrating to Google Analytics 4, contact us here. 

Some time ago I saw a drastic traffic increase while looking into Google Analytics data…

I’ve explored traffic sources and detected some new websites in the statistics that actually did not have links referring to Dizzain.com website on their pages. Someone else put our Google Analytics tracking code on their website and caused a bit of a commotion in our data.

So, in this blog post, I will be sharing a solution and explaining what to do if someone else put your tracking code on their website.

Someone put my tracking code on their website. What’s next?

When someone puts your tracking code on their website, Google Analytics receives false data. Fraudsters can’t see your website data, but can corrupt your analytics data for you to make wrong decisions in the future.

How to understand that someone is hacking my data?

Click on the “Customization” button, choose “Create Custom Report” and click on the “New Custom Report” button.

Choose “Flat Table”, “Sessions” metric group, “Hostname” dimension, click “Save”. Now you can see all the main domains that originate traffic to your website in the view.

How can someone corrupt my Google Analytics data?

Corrupting Analytics data is easier than you think. Just go to any website, right-click on the content area, select “View page source” and find the java script code including UA-xxxxxxxx or GTM-xxxxxx (property id/tracking id).

Now all you need is to install the js code to another website to falsify the data.

Note: in case someone stole your GTM id, set up filters for all the data receiving tools installed via Google Tag Manager.

How to secure my Google Analytics data?

Historical data in Google Analytics can’t be changed, so we recommend to set up this filter in order to receive data from your website only:

1. Click on the “Admin” button at the bottom left corner.

2. Choose “All Filters” at the account level (1-st column).

3. Click“Add Filter” and name it.

4. Choose “Custom” filter type.

5. Click “Include”.

6. Choose “Hostname” in the Filter field.

7. Write domain name in the “Filter Pattern” tab.
Note: don’t forget to add a backslash “\” before every dot “.” in order to tell regular expressions to see the dot in its original context as a separator.

8. Mark the “Case sensitive” checkbox.

9. Apply this filter to the view you’re going to look your statistics through.

10. Click “Save”.

From this moment you know for sure that Google Analytics data you see in your account is reliable. I do also encourage you to set up the aforementioned filter if you have multiple website versions (production, staging) to hide all the irrelevant data not related to your production website.