There’s a growing number of issues related to third- and fourth-party scripts running on your company website. These resources are a majorly underappreciated source of malicious potential for an attacker. In 2013, a group known as the Syrian Electronic Army compromised a marketing and recommendation partner for three of the major news outlets in the U.S. In some cases, the breach led to the full data breach of associated customer records. A similar vulnerability wreaked havoc on several online retailers by a collective of at least six attacker groups.
Source: https://threatpost.com/website-know-thyself-what-code-are-you-serving/150257/