Share This:

What is the Issue?

The online retailer Newegg confirmed on Wednesday that credit card information from customers had been stolen using a sophisticated attack. Hackers injected 15 lines of card skimming code on the online retailer’s payments page; the code siphoned off credit card data from customers to a server controlled by the hackers with a similar domain name. The use of a similar domain name and that the server used an HTTPS certificate aided in avoiding detection.

Why is this noteworthy?

Newegg receives over 50 million visitors per month and the skimmer code was in use for over a month; between August 14 and September 18. Therefore, the skimmer code potentially could have stolen millions of user’s credentials. The attack was executed by a well-known hacking group Magecart, which has been active since 2015; the group is responsible for past hacks including the ABS-CBN online store hack, Ticketmaster breach, and more recently the British Airways hack.

What is the exposure or risk?

Any individual that made an online transaction on Newegg’s website or mobile application during the period of August 14 and September 18 should consider that their credentials were likely stolen. Stolen credentials can lead to identity theft, financial loss, further sensitive data theft, and more.

What are the recommendations?

SKOUT recommends if you have used Newegg’s website or mobile application you should change online passwords, monitor banking, and contact your bank/credit company to request for a new card.
References:
If you have any questions, please contact our Security Operations Center.

Share This:

Posted by Doris Au

Doris is a product marketing manager at Barracuda MSP. In this position, she is responsible for connecting managed service providers with multi-layered security and data protection products that can protect their customers from today’s advanced cyber threats.

Leave a reply

Your email address will not be published.