
Newegg Apparently Hit by Magecart Attack from August 14 to September 18


12 replies to this topic

#1 Guest_Jim_*


    ANTITHAT

  • News Editor
  • 9272 posts
  • Gender:Male

Posted 19 September 2018 - 08:25 AM

If you made a purchase at Newegg from August 14 to September 18, you may want to get in contact with your bank or whatever payment service you used as it appears the site was attacked by Magecart during that time period. You may have heard of Magecart before as this attack vector was used against British Airways to skim information on potentially 380,000 victims.

The attack was carried out by placing malicious JavaScript into Newegg's checkout page, so by this time users would have already filled out the form asking for payment information and that information would then be submitted. The code, some 8 or 15 lines of script depending on if you beautify it, would send the payment information to neweggstats.com for the attackers to collect. This domain was registered on August 13 and an SSL certificate for it was created the same day, but it appears the skimming code was not active until August 14 or perhaps August 16. However, it was not until September 18 that RiskIQ and Volexity, the two cybersecurity companies that together found the attack, note the malicious code was removed.

Something both RiskIQ and Volexity note about Magecart is how it is demonstrating that even self-hosted scripts are not immune from attackers. Likely these attacks will continue to evolve as well with more JavaScript-based Data Theft Frameworks being developed and deployed.

Source: RiskIQ and Volexity
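
The post above describes script on the checkout page sending data to neweggstats.com, a domain that contains the brand name but is not part of newegg.com. The following is an added example, not code from the original post or from the RiskIQ or Volexity reports: a Node.js audit that lists hosts referenced by a page's script and flags any that are not the merchant's domain or a true subdomain of it. The sample script text, its newegg.com subdomains and the placeholder path are constructed for illustration; only the domain neweggstats.com comes from the post.

```javascript
// Added example: audit the hosts referenced by checkout-page script text.
const ALLOWED_HOSTS = ["newegg.com"]; // assumption: the merchant's own domain

// Constructed sample input; only the neweggstats.com domain is from the post.
const SAMPLE_CHECKOUT_JS = `
  var assets = "https://secure.newegg.com/static/checkout.js";
  var logo = "//images.newegg.com/logo.png";
  var endpoint = "https://neweggstats.com/PLACEHOLDER-PATH";
`;

// Pull every absolute or protocol-relative hostname out of the script text.
function extractHosts(scriptText) {
  const hosts = new Set();
  const re = /(?:https?:)?\/\/([a-z0-9.-]+\.[a-z]{2,})(?=[\/:"'?\s]|$)/gi;
  let m;
  while ((m = re.exec(scriptText)) !== null) {
    hosts.add(m[1].toLowerCase());
  }
  return [...hosts];
}

// Correct check: exact match, or a real subdomain of an allowed domain.
function isAllowed(host, allowed) {
  return allowed.some((d) => host === d || host.endsWith("." + d));
}

// Weak check, shown for contrast: "does the host contain the brand name?"
// A lookalike domain passes this, which is why it must not be relied on.
function naiveIsAllowed(host, allowed) {
  return allowed.some((d) => host.includes(d.split(".")[0]));
}

// Report every host that fails the correct check, and mark the ones a
// brand-substring check (or a hurried human reviewer) would have accepted.
function auditScript(scriptText, allowed) {
  return extractHosts(scriptText)
    .filter((h) => !isAllowed(h, allowed))
    .map((h) => ({ host: h, lookalike: naiveIsAllowed(h, allowed) }));
}

console.log(auditScript(SAMPLE_CHECKOUT_JS, ALLOWED_HOSTS));
```

The same allowlist can be enforced in the browser with Content-Security-Policy directives such as connect-src and form-action, which limit where page script may send data.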




#2 That_Guy


    Member

  • Members
  • 265 posts
  • Gender:Male
  • Location:Nantucket, MA

Posted 19 September 2018 - 09:57 AM

Sneaky! Thank you for sharing, I often buy parts on Newegg and haven't heard about the attack up until now. Luckily, I haven't purchased anything within the date range but still nice to know


Edited by That_Guy, 19 September 2018 - 02:01 PM.

There are two kinds of people in this world: those who can extrapolate from an incomplete data...


#3 Braegnok


    Nimrod

  • Folding Member
  • 1514 posts
  • Gender:Male
  • Location:Colorado USA

Posted 19 September 2018 - 10:57 AM

+1,.. I did not get any heads up from the egg,.. or know anything about my payment information being at risk till reading it here on OCC.


Edited by Braegnok, 19 September 2018 - 11:31 AM.

Intel Core i7-9700K 

ASUS Maximus X APEX

G.SKILL 32GB DDR4

GeForce RTX 2080 Ti

SeaSonic SSR-1000PD

Corsair H115i Extreme


#4 Guest_Jim_*


Posted 19 September 2018 - 11:56 AM

I too haven't gotten any notification from Newegg and they do not have anything in their newsroom about it either, but they did put something up on Twitter:

Yesterday we learned one of our servers had been injected with malware which was identified and removed from our site. We’re conducting extensive research to determine exactly what info was obtained and are sending emails to customers potentially impacted. Please check your email

 

I have Facebook blocked so I can't check there, but it is definitely frustrating that one would need to follow them on Twitter to be aware of this, without seeing the news elsewhere, or wait for an email to arrive. I'll try to let you know when it arrives though, since I did make a purchase in that time frame (September 1).


Processor: AMD Ryzen Threadripper 1950X @ 3.8 GHz
Cooling: Corsair H110 AIO
Motherboard: ASUS Zenith Extreme
GPU: AMD RX Vega 64 (Stock @ 0.965 V +50% Power Limit)
Memory: G.Skill TridentZ 4x8 GB (32 GB) @ 3200 MHz 14-14-14-28
PSU: OCZ Fata1ty 750 W
OS: Windows 10 Pro 64-bit

GitHub OCC-OCAT script repository
Regular Saturday game stream at YouTube - OCC Live (forum thread)
Personal streaming YouTube - GuestJimOCC Live

The Body on Games (YouTube, Release Calendar, Blog, and Patreon)


#5 Braegnok


Posted 19 September 2018 - 10:04 PM

Thanks Jim, hope things work out well with the purchase you made on September 1,..   :(

 

I logged into my Newegg account this morning and removed all my auto-billing info.


Edited by Braegnok, 19 September 2018 - 10:06 PM.



#6 road-runner


    Posting Machine

  • Folding Member
  • 11362 posts
  • Gender:Male
  • Location:Texas

Posted 20 September 2018 - 05:29 AM

I took the check out that box or put in, I can't remember, that tells it to save credit card info a long time ago. My number has been compromised 4 or 5 times through the years; I have to go to the bank and get a new card.

I wished all websites would not store the info or had an option to not store it. If they choose to store then they should be responsible. I have always heard there are two kinds of websites: those that know they've been hacked and those that don't know it yet.



I7-6900K Asus X99 Deluxe 2 Corsair Vengeance 32Gb Intel 750 400gb  2- 1080ti

 



#7 Guest_Jim_*


Posted 20 September 2018 - 05:37 AM

From what I understand, this attack would not compromise any saved payment information, but what was actually put in for the purchase, so it is only those who made a purchase that are in danger. I could be wrong, and it would be nice if I am as I do not have Newegg save that information.

By the way, still no email from Newegg and nothing in their newsroom either.




#8 Braegnok


Posted 21 September 2018 - 08:51 AM


The Twitter post looks like a lawyer wrote it,..  :rtfm:  for all we know 10-servers were attacked,.. and exactly what info was obtained will never be posted.

 

Best policy as a customer is to not store your billing info on any sites,.. I'm guilty of being lazy and using the auto-billing and auto-mailing/shipping info on a few sites but felt safe using PayPal payment with a re-loadable Visa debit card.

 

I went ahead and removed all my auto-billing info from every site I shop at online except for Ebay, the other morning,.. you never know any more till it's too late if a site you shop at online is being responsible with your information or who can gain access to the servers with billing info.




#9 Guest_Jim_*


Posted 24 September 2018 - 03:53 PM

Quick update:

Got my new card today. Have yet to receive any communication from Newegg about the breach and my information potentially being compromised. This is not the order these events should have.




#10 road-runner


Posted 24 September 2018 - 05:14 PM

I did not buy anything from them at that time but shop online a lot. Got a call Sunday from the fraud division of my bank; someone was trying again. This is about the 6th or 7th time it's happened. Had to go get a new card today. At least their fraud division usually blocks them.





#11 Guest_Jim_*


Posted 21 November 2018 - 01:38 PM

Yeah, it's a thread necro, but I'm keeping my promise to let people know when I get anything from Newegg. Today in the mail I got a letter informing me of the attack. The letter is dated November 15, so almost two months after the discovery of this attack was I sent a notification of it, and by mail without any electronic version or counterpart informing me of it coming. Back in September when I had contacted Newegg customer service about this, I was told:

We have sent out emails to the customers that were worried that was more affected by the breach. Rest assured if you were attack by the breach you would have received an email from us explaining what happened.

 

Based on this letter though, it appears I was right to not 'rest assured.'

By the way, the letter does state that on October 15, after an investigation of the attack, it was concluded that information potentially collected could include name, address, payment card number, expiration date, and card security code for the customer. I retyped the letter below, but I did so in Word and was not watching for if it auto-corrected to a mistake.

Spoiler

You know, before getting this letter I was comfortable not thinking about this incident any more, but still keeping a preference against shopping at Newegg. Maybe since I never received that email, it was possible I was not affected, according to Newegg's records, but now that I have this I am even less inclined to purchase anything from them again. This isn't about if my information was or was not collected, but that this letter and only this letter was sent to me, and almost two months after the incident, and one month after the investigation finished.




#12 Braegnok


Posted 21 November 2018 - 05:26 PM

I noticed long ago they were charging Titan prices for 1080 Ti cards, twice the retail price for memory kits,.. and when they changed their bitcoin policy that was the end of my buying from the egg.  :yucky:

 

$699.00 card retail, $1,390.  https://www.newegg.c...=9SIAE8D8EG9319

 

$269.99 memory kit, $626.29.  https://www.newegg.c...=9SIAGGN78S5536


Edited by Braegnok, 21 November 2018 - 07:03 PM.




