Guest_Jim_* Posted September 19, 2018

If you made a purchase at Newegg from August 14 to September 18, you may want to get in contact with your bank or whatever payment service you used as it appears the site was attacked by Magecart during that time period. You may have heard of Magecart before as this attack vector was used against British Airways to skim information on potentially 380,000 victims.

The attack was carried out by placing malicious JavaScript into Newegg's checkout page, so by this time users would have already filled out the form asking for payment information and that information would then be submitted. The code, some 8 or 15 lines of script depending on if you beautify it, would send the payment information to neweggstats.com for the attackers to collect. This domain was registered on August 13 and an SSL certificate for it was created the same day, but it appears the skimming code was not active until August 14 or perhaps August 16. However, it was not until September 18 that RiskIQ and Volexity, the two cybersecurity companies that together found the attack, note the malicious code was removed.

Something both RiskIQ and Volexity note about Magecart is how it is demonstrating that even self-hosted scripts are not immune from attackers. Likely these attacks will continue to evolve as well with more JavaScript-based Data Theft Frameworks being developed and deployed.

Source: RiskIQ and Volexity
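As an added illustration of the post above (not code from the poster, RiskIQ, Volexity or Newegg): a small defensive check that lists every host a checkout script references and flags hosts that only embed the brand name, which is what neweggstats.com does. The allowlist, the sample script text and all function names are assumptions made for this example.

```javascript
// Added example. FIRST_PARTY, BRAND and SAMPLE are assumptions for illustration.
const FIRST_PARTY = ["newegg.com"]; // registered domains the shop controls (assumed)
const BRAND = "newegg";             // brand label a look-alike domain would embed

// Constructed sample: text of a checkout-page script, reduced to the URLs in it.
const SAMPLE = `
  var cart = "https://www.newegg.com/cart";
  var lib  = "https://cdn.example.net/lib.js";
  var dst  = "https://neweggstats.com/";
`;

// Collect the host of every absolute http(s) URL that appears in script text.
function extractHosts(scriptText) {
  const hosts = new Set();
  for (const m of scriptText.matchAll(/https?:\/\/[^\s"'`)<>\\]+/gi)) {
    try {
      hosts.add(new URL(m[0]).hostname.toLowerCase());
    } catch {
      // Not a parseable URL; skip it.
    }
  }
  return [...hosts];
}

// Exact match or a true subdomain only. The leading dot keeps a host such as
// "neweggstats.com" or "newegg.com.cdn.example" from passing a suffix test.
function isFirstParty(host) {
  return FIRST_PARTY.some((d) => host === d || host.endsWith("." + d));
}

// first-party: on the allowlist; lookalike: carries the brand label but is not
// under an allowed domain; third-party: everything else (review separately).
function classifyHost(host) {
  if (isFirstParty(host)) return "first-party";
  if (host.includes(BRAND)) return "lookalike";
  return "third-party";
}

// One verdict per distinct host, in order of first appearance.
function auditScript(scriptText) {
  return extractHosts(scriptText).map((host) => ({ host, verdict: classifyHost(host) }));
}

console.log(auditScript(SAMPLE));
```

Run against each deployed build of the checkout scripts, a new "lookalike" or unexpected "third-party" host is the signal to investigate, including for scripts the site hosts itself.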

That_Guy Posted September 19, 2018 (edited)

Sneaky! Thank you for sharing, I often buy parts on Newegg and haven't heard about the attack up until now. Luckily, I haven't purchased anything within the date range but still nice to know

Braegnok Posted September 19, 2018 (edited)

+1,.. I did not get any heads up from the egg,.. or know anything about my payment information being at risk till reading it here on OCC.

Guest_Jim_* Posted September 19, 2018

I too haven't gotten any notification from Newegg and they do not have anything in their newsroom about it either, but they did put something up on Twitter:

Yesterday we learned one of our servers had been injected with malware which was identified and removed from our site. We

Braegnok Posted September 20, 2018 (edited)

Thanks Jim, hope things work out well with the purchase you made on September 1,.. I logged into my Newegg account this morning and removed all my auto-billing info.

road-runner Posted September 20, 2018

I took the check out that box or put in I can't remember that tells it to save credit card info long time ago. My number has been compromised 4 or 5 times through the years I have to go to the bank and get a new card. I wished all websites would not store the info or had an option to not store it. If they choose to store then they should be responsible. I have always heard there are two kinds of websites those that know they been hacked and those that don't know it yet.

Guest_Jim_* Posted September 20, 2018

From what I understand, this attack would not compromise any saved payment information, but what was actually put in for the purchase, so it is only those who made a purchase that are in danger. I could be wrong, and it would be nice if I am as I do not have Newegg save that information. By the way, still no email from Newegg and nothing in their newsroom either.

Braegnok Posted September 21, 2018

I too haven't gotten any notification from Newegg and they do not have anything in their newsroom about it either, but they did put something up on Twitter:

Yesterday we learned one of our servers had been injected with malware which was identified and removed from our site. We

Guest_Jim_* Posted September 24, 2018

Quick update: Got my new card today. Have yet to receive any communication from Newegg about the breach and my information potentially being compromised. This is not the order these events should have.

road-runner Posted September 25, 2018

I did not buy anything from them at that time but shop online a lot. Got a call Sunday from fraud division my bank someone was trying again this is about the 6 or 7th time it's happened had to go get a new card today. At least their fraud usually blocks them.

Guest_Jim_* Posted November 21, 2018

Yeah, it's a thread necro, but I'm keeping my promise to let people know when I get anything from Newegg. Today in the mail I got a letter informing me of the attack. The letter is dated November 15 so almost two months after the discovery of this attack was I sent a notification of it, and by mail without any electronic version or counterpart informing me of it coming. Back in September when I had contacted Newegg customer service about this, I was told:

We have sent out emails to the customers that were worried that was more affected by the breach. Rest assured if you were attack by the breach you would have received an email from us explaining what happened.

Based on this letter though, it appears I was right to not 'rest assured.' By the way, the letter does state that on October 15, after an investigation of the attack, it was concluded that information potentially collected could include name, address, payment card number, expiration date, and card security code for the customer.

I retyped the letter below, but I did so in Word and was not watching for if it auto-corrected to a mistake.

Newegg understands the importance of protecting our customers

Braegnok Posted November 22, 2018 (edited)

I noticed long ago they were charging Titan prices for 1080 Ti cards, twice the retail price for memory kits,.. and when they changed their bitcoin policy that was the end of my buying from the egg.

$699.00 card retail, $1,390. https://www.newegg.com/Product/Product.aspx?Item=9SIAE8D8EG9319

$269.99 memory kit, $626.29. https://www.newegg.com/Product/Product.aspx?Item=9SIAGGN78S5536