What is the Issue?
Why is this noteworthy?
Newegg receives over 50 million visitors per month and the skimmer code was in use for over a month; between August 14 and September 18. Therefore, the skimmer code potentially could have stolen millions of user’s credentials. The attack was executed by a well-known hacking group Magecart, which has been active since 2015; the group is responsible for past hacks including the ABS-CBN online store hack, Ticketmaster breach, and more recently the British Airways hack.
What is the exposure or risk?
Any individual that made an online transaction on Newegg’s website or mobile application during the period of August 14 and September 18 should consider that their credentials were likely stolen. Stolen credentials can lead to identity theft, financial loss, further sensitive data theft, and more.