Newegg users’ credit card info breached in month-long data hack

The culprits are the same group behind the British Airways and Ticketmaster breaches

Online hardware retailer Newegg has suffered a large-scale payment data breach, which exposed customers' credit card details to hackers for an entire month.

The attackers look to be the same as those behind the British Airways and Ticketmaster UK breaches earlier this month, with researchers referring to the group as Magecart.

Advertisement - Article continues below

"We can assume this attack claimed a massive number of victims," said threat management firm RiskIQ, which exposed the breach along with the security research company Volexity.

The full scope of the attack is not yet known, although Newegg has sent an email to customers informing them of the hack, and that the company is "conducting extensive research" to determine what data was accessed. It promised an FAQ on the breach by 21 September.

IT Pro has contacted Newegg for comment.

The hackers injected 15 lines of Javascript to Newegg's payment page, which skimmed credit card data on desktop and mobile between 14 August and 18 September, when the company eventually shut down the code.

The base code behind the attack was the same as that used in the British Airways breach, with only minor changes made to the form needed to serialise payment information, and the server to send that information to.

Credit: RiskIQ

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

According to RiskIQ, which also uncovered the code behind the British Airways breach, the Magecart hackers registered a domain neweggstats.com through Namecheap. On 14 August, the attackers changed the destination of the domain to a drop server, which received the skimmed credit card information.

"While some Magecart groups still target smaller shops, the subgroup responsible for the attacks against Newegg and British Airways is particularly audacious," said RiskIQ's Yonathan Klijnsma, noting that that the highly targeted attacks use code that "seamlessly integrate into their targets' websites."

Newegg has close to 50 million monthly visitors, and even if a small percentage of that makes purchases, the amount of skimmed credit card information over several weeks could be substantial. The pattern of Magecart attacks in the last month also suggests the approach taken by the attackers is becoming increasingly popular. 

"Historically, threat actors deploying Magecart have targeted small businesses and so stayed largely under the radar," security expert Davey Winder told IT Pro.

"There appears to have been a shift to more audacious attacks, with less concern over stealth, and given the success of these exploits there's no reason to assume they will cease any time soon."

Advertisement

Recommended

Visit/security/vulnerability/355236/hp-support-assistant-flaws-leave-windows-devices-open-to-attack
vulnerability

HP Support Assistant flaws leave Windows devices open to attack

6 Apr 2020
Visit/security/cyber-security/355234/safari-bug-let-hackers-access-cameras-on-iphones-and-macs
cyber security

Safari bug let hackers access cameras on iPhones and Macs

6 Apr 2020
Visit/software/video-conferencing/355229/zoom-we-moved-too-fast
video conferencing

Zoom CEO admits company "moved too fast" as privacy issues mount

6 Apr 2020
Visit/security/internet-security/355228/mozilla-fixes-two-firefox-zero-days-being-actively-exploited
internet security

Mozilla fixes two Firefox zero-days being actively exploited

6 Apr 2020

Most Popular

Visit/development/application-programming-interface-api/355192/apple-buys-dark-sky-weather-app-and-leaves
application programming interface (API)

Apple buys Dark Sky weather app and leaves Android users in the cold

1 Apr 2020
Visit/mobile/mobile-phones/355239/microsofts-patent-design-reveals-a-mobile-device-with-a-third-screen
Mobile Phones

Microsoft’s patent design reveals a mobile device with a third screen

6 Apr 2020
Visit/software/video-conferencing/355229/zoom-we-moved-too-fast
video conferencing

Zoom CEO admits company "moved too fast" as privacy issues mount

6 Apr 2020