Cybersecurity Threat Advisory: Newegg Data Breach Left Customer Credit Cards Exposed

The online retailer Newegg confirmed on Wednesday that credit card information from customers had been stolen using a sophisticated attack. Hackers injected 15 lines of card skimming code on the online retailer’s payments page; the code siphoned off credit card data from customers to a server controlled by the hackers with a similar domain name. The use of a similar domain name and that the server used an HTTPS certificate aided in avoiding detection.

Newegg receives over 50 million visitors per month and the skimmer code was in use for over a month; between August 14 and September 18. Therefore, the skimmer code potentially could have stolen millions of user’s credentials. The attack was executed by a well-known hacking group Magecart, which has been active since 2015; the group is responsible for past hacks including the ABS-CBN online store hack, Ticketmaster breach, and more recently the British Airways hack.

Any individual that made an online transaction on Newegg’s website or mobile application during the period of August 14 and September 18 should consider that their credentials were likely stolen. Stolen credentials can lead to identity theft, financial loss, further sensitive data theft, and more.

SKOUT recommends if you have used Newegg’s website or mobile application you should change online passwords, monitor banking, and contact your bank/credit company to request for a new card.

1. https://techcrunch.com/2018/09/19/newegg-credit-card-data-breach/

2. https://gizmodo.com/newegg-data-breach-left-customer-credit-cards-exposed-f-1829180452

3. https://www.pcworld.com/article/3306722/security/newegg-confirms-credit-card-information-was-taken-in-a-sophisticated-attack.html

4. https://www.zdnet.com/article/magecart-claims-another-victim-in-newegg-merchant-data-theft/

If you have any questions, please contact our Security Operations Center.