Welcome Stranger to OCC!Login | Register

Newegg Apparently Hit by Magecart Attack from August 14 to September 18

Category: General News
Posted: 09:25AM
Author:

If you made a purchase at Newegg from August 14 to September 18, you may want to get in contact with your bank or whatever payment service you used as it appears the site was attacked by Magecart during that time period. You may have heard of Magecart before as this attack vector was used against British Airways to skim information on potentially 380,000 victims.

The attack was carried out by placing malicious JavaScript into Newegg's checkout page, so by this time users would have already filled out the form asking for payment information and that information would then be submitted. The code, some 8 or 15 lines of script depending on if you beautify it, would send the payment information to neweggstats.com for the attackers to collect. This domain was registered on August 13 and an SSL certificate for it was created the same day, but it appears the skimming code was not active until August 14 or perhaps August 16. However, it was not until September 18 that RiskIQ and Volexity, the two cybersecurity companies that together found the attack, note the malicious code was removed.

Something both RiskIQ and Volexity note about Magecart is how it is demonstrating that even self-hosted scripts are not immune from attackers. Likely these attacks will continue to evolve as well with more JavaScript-based Data Theft Frameworks being developed and deployed.

Source: RiskIQ and Volexity



Register as a member to subscribe comments.
That_Guy on September 19, 2018 17:57

Sneaky! Thank you for sharing, I often buy parts on Newegg and haven't heard about the attack up until now. Luckily, I haven't purchased anything within the date range but still nice to know

Braegnok on September 19, 2018 18:57

+1,.. I did not get any heads up from the egg,.. or know anything about my payment information being at risk till reading it here on OCC.

Guest_Jim_* on September 19, 2018 19:56

I too haven't gotten any notification from Newegg and they do not have anything in their newsroom about it either, but they did put something up on Twitter:

Yesterday we learned one of our servers had been injected with malware which was identified and removed from our site. We’re conducting extensive research to determine exactly what info was obtained and are sending emails to customers potentially impacted. Please check your email

 

I have Facebook blocked so I can't check there, but it is definitely frustrating that one would need to follow them on Twitter to be aware of this, without seeing the news elsewhere, or wait for an email to arrive. I'll try to let you know when it arrives though, since I did make a purchase in that time frame (September 1).

Braegnok on September 20, 2018 06:04

Thanks Jim, hope things work out well with the purchase you made on September 1,..   :(

 

I logged into my Newegg account this morning and removed all my auto-billing info.

road-runner on September 20, 2018 13:29

I took the check out that box or put in I cant remember that tells it to save credit card info long time ago. My number has been compromised 4 or 5 times through the years I have to go to the bank and get a new card.

 

I wished all website would not store the info or had a option to not store it. If they choose to store then they should be responsible. I have always heard there are two kinds of websites those that know they been hacked and those that dont know it yet..

Guest_Jim_* on September 20, 2018 13:37

From what I understand, this attack would not compromise any saved payment information, but what was actually put in for the purchase, so it is only those who made a purchase that are in danger. I could be wrong, and it would be nice if I am as I do not have Newegg save that information.

By the way, still no email from Newegg and nothing in their newsroom either.

Braegnok on September 21, 2018 16:51

I too haven't gotten any notification from Newegg and they do not have anything in their newsroom about it either, but they did put something up on Twitter:

Yesterday we learned one of our servers had been injected with malware which was identified and removed from our site. We’re conducting extensive research to determine exactly what info was obtained and are sending emails to customers potentially impacted. Please check your email

 

I have Facebook blocked so I can't check there, but it is definitely frustrating that one would need to follow them on Twitter to be aware of this, without seeing the news elsewhere, or wait for an email to arrive. I'll try to let you know when it arrives though, since I did make a purchase in that time frame (September 1).

 

The Twitter post looks like a lawyer wrote it,..  :rtfm:  for all we know 10-servers were attacked,.. and exactly what info was obtained will never be posted.

 

Best policy as a customer is to not store your billing info on any sites,.. I'm guilty of being lazy and using the auto-billing and auto-mailing/shipping info on a few sites but felt safe using PayPal payment with a re-loadable Visa debit card.

 

I went ahead and removed all my auto-billing info from every site I shop at online except for Ebay, the other morning,.. you never know any more till it's too late if a site you shop at online is being responsible with your information or who can gain access to the servers with billing info.

Guest_Jim_* on September 24, 2018 23:53

Quick update:

Got my new card today. Have yet to receive any communication from Newegg about the breach and my information potentially being compromised. This is not the order these events should have.

road-runner on September 25, 2018 01:14

I did not buy anything from them at that time but shop online a lot. Got a call sunday from fraud division my bank someone was trying again this is about the 6 or 7th time its happened had to go get a new card today. At least there fraud usually blocks them


© 2001-2018 Overclockers Club ® Privacy Policy
Elapsed: 0.1864190102   (xlweb1)