Hackers target Newegg with “sophisticated malware”; steal credit card data

At the moment, it is unclear how many Newegg customers have been impacted.

The IT security researchers at RiskIQ and Volexity have announced that Newegg Inc., an online retailer of items including computer hardware and consumer electronics has become a victim of a cyber attack in which hackers have stolen credit card details of its customers.

According to two separate blog posts (1 & 2) by RiskIQ and Volexity, the cyber attack took place on August 16, 2018, and all those customers who used their credit cards between August 14 and September 18 of this year have been impacted after hackers infected Newegg’s website with what the company has defined as a sophisticated malware.

Furthermore, researchers have revealed that the hacking group behind this feat was Magecart who has been active for years and recently made headlines for successfully hacking British Airways and stealing private and financial data of 380,000 customers a couple of weeks ago. Moreover, the same group also targeted TicketMaster UK with a malware in June this year. 

In the attack against Newegg, the group used a malicious JavaScript on the “secure.newegg.com” domain to steal banking data during the checkout process. Newegg’s has defined it as a “sophisticated malware.”

Hackers target Newegg with "sophisticated malware"; steal credit card data
Screenshot of the malicious code injected by hackers on Newegg’s website (Image credit: RiskIQ)

“The breach of Newegg shows the true extent of Magecart operators’ reach. These attacks are not confined to certain geolocations or specific industries—any organization that processes payments online is a target. The elements of the British Airways attacks were all present in the attack on Newegg: they integrated with the victim’s payment system and blended with the infrastructure, staying there as long as possible,” wrote Yonathan Klijnsma of RiskIQ in their blog post.

Newegg, on the other hand, has also acknowledged the hack in a tweet and email notification to its customers. The company also plans to publish an FAQ that will address the issue.

According to emails sent by Newegg to its customers “Yesterday, we learned one of our servers has been injected with malware which may have allowed some of your information to be acquired or accessed by a third party. The malware was quite sophisticated and we are conducting extensive research to determine exactly what information may have been acquired or accessed and how many customers may have been impacted.” 

At the time of publishing this article; the malicious code was removed from Newegg’s website. However, if you are a Newegg customer and used your credit/debit card on its website between August 14 and September 18; get in touch with your bank right now and keep an eye on your bank statement along with transactions.

Related Posts