Cyber Security

Attackers crack Newegg’s defenses, slurp customers’ credit card data

The skimmer, injected into the store’s payment page, harvested credit-card details from the store’s online customers for more than a month

The major electronics and computer hardware retailer Newegg has announced that attackers have compromised its online payments system, potentially scooping up buyers’ credit-card data over a period of more than a month.

“Yesterday we learned one of our servers had been injected with malware which was identified and removed from our site,” the company said in a statement on Twitter.

According to reports by threat management outfits RiskIQ and Volexity, which jointly uncovered the breach, the data exfiltration lasted from around August 14 to September 18. The attack relied on malicious JavaScript code that was injected into the store’s payment-processing page, where customers input their credit card details.

The malicious script, which worked on both the website’s desktop and mobile version, would then forward the data to a server with a (no longer active) domain. The domain, neweggstats.com, was designed to blend in with the legitimate newegg.com website, having been set up for that purpose – and with a valid HTTPS certificate at that – on August 13.

The attack has been attributed to a threat collective known as Magecart, which, according to RiskIQ, is also to blame for the recent breach at British Airways, as well as for the breach at Ticketmaster’s UK site.

The script, which only contains 15 lines, has been removed after RiskIQ and Volexity alerted Newegg to the compromise. While customized to steal data from the Newegg website, the script is similar to the one leveraged in the British Airways compromise, said Volexity.

It’s unclear at this point how many people have been affected. Newegg.com is the 164th most popular website in the US, according to Alexa, and it receives some 50 million visitors per month. Anybody who made a purchase on the website between August 14 and September 18 should keep their eyes peeled for any suspicious activity on their bank accounts.





Articles You May Like

Iranian Hackers Exploit PLCs in Attack on Water Authority in U.S.
Sam Altman returns to OpenAI, Apple adopts RCS, and Binance’s CEO pleads guilty to charges
Experts Uncover Passive Method to Extract Private RSA Keys from SSH Connections
New ‘HrServ.dll’ Web Shell Detected in APT Attack Targeting Afghan Government
Cybercriminals Using Telekopye Telegram Bot to Craft Phishing Scams on a Grand Scale

Leave a Reply

Your email address will not be published. Required fields are marked *