Jump to content
Guest_Jim_*

Newegg Apparently Hit by Magecart Attack from August 14 to September 18

Recommended Posts

If you made a purchase at Newegg from August 14 to September 18, you may want to get in contact with your bank or whatever payment service you used as it appears the site was attacked by Magecart during that time period. You may have heard of Magecart before as this attack vector was used against British Airways to skim information on potentially 380,000 victims.

The attack was carried out by placing malicious JavaScript into Newegg's checkout page, so by this time users would have already filled out the form asking for payment information and that information would then be submitted. The code, some 8 or 15 lines of script depending on if you beautify it, would send the payment information to neweggstats.com for the attackers to collect. This domain was registered on August 13 and an SSL certificate for it was created the same day, but it appears the skimming code was not active until August 14 or perhaps August 16. However, it was not until September 18 that RiskIQ and Volexity, the two cybersecurity companies that together found the attack, note the malicious code was removed.

Something both RiskIQ and Volexity note about Magecart is how it is demonstrating that even self-hosted scripts are not immune from attackers. Likely these attacks will continue to evolve as well with more JavaScript-based Data Theft Frameworks being developed and deployed.

Source: RiskIQ and Volexity



Back to original news post

Share this post


Link to post
Share on other sites

Sneaky! Thank you for sharing, I often buy parts on Newegg and haven't heard about the attack up until now. Luckily, I haven't purchased anything within the date range but still nice to know

Edited by That_Guy

Share this post


Link to post
Share on other sites

+1,.. I did not get any heads up from the egg,.. or know anything about my payment information being at risk till reading it here on OCC.

Edited by Braegnok

Share this post


Link to post
Share on other sites

I too haven't gotten any notification from Newegg and they do not have anything in their newsroom about it either, but they did put something up on Twitter:

Yesterday we learned one of our servers had been injected with malware which was identified and removed from our site. We

Share this post


Link to post
Share on other sites

Thanks Jim, hope things work out well with the purchase you made on September 1,..   :(

 

I logged into my Newegg account this morning and removed all my auto-billing info.

Edited by Braegnok

Share this post


Link to post
Share on other sites

I took the check out that box or put in I cant remember that tells it to save credit card info long time ago. My number has been compromised 4 or 5 times through the years I have to go to the bank and get a new card.

 

I wished all website would not store the info or had a option to not store it. If they choose to store then they should be responsible. I have always heard there are two kinds of websites those that know they been hacked and those that dont know it yet..

Share this post


Link to post
Share on other sites

From what I understand, this attack would not compromise any saved payment information, but what was actually put in for the purchase, so it is only those who made a purchase that are in danger. I could be wrong, and it would be nice if I am as I do not have Newegg save that information.

By the way, still no email from Newegg and nothing in their newsroom either.

Share this post


Link to post
Share on other sites

I too haven't gotten any notification from Newegg and they do not have anything in their newsroom about it either, but they did put something up on Twitter:

Yesterday we learned one of our servers had been injected with malware which was identified and removed from our site. We

Share this post


Link to post
Share on other sites

Quick update:

Got my new card today. Have yet to receive any communication from Newegg about the breach and my information potentially being compromised. This is not the order these events should have.

Share this post


Link to post
Share on other sites

I did not buy anything from them at that time but shop online a lot. Got a call sunday from fraud division my bank someone was trying again this is about the 6 or 7th time its happened had to go get a new card today. At least there fraud usually blocks them

Share this post


Link to post
Share on other sites

Yeah, its a thread necro, but I'm keeping my promise to let people know when I get anything from Newegg. Today in the mail I got a letter informing me of the attack. The letter is dated November 15 so almost two months after the discovery of this attack was I sent a notification of it, and by mail without any electronic version or counterpart informing me of it coming. Back in September when I had contacted Newegg customer service about this, I was told:

We have sent out emails to the customers that were worried that was more affected by the breach. Rest assured if you were attack by the breach you would have received an email from us explaining what happened.

 

Based on this letter though, it appears I was right to not 'rest assured.'

By the way, the letter does state that on October 15, after an investigation of the attack, it was concluded that information potentially collected could include name, address, payment card number, expiration date, and card security code for the customer. I retyped the letter below, but I did so in Word and was not watching for if it auto-corrected to a mistake.

 

Newegg understands the importance of protecting our customers

Share this post


Link to post
Share on other sites

I noticed long ago they were charging Titan prices for 1080 Ti cards, twice the retail price for memory kits,.. and when they changed there bitcoin policy that was the end of my buying from the egg.  :yucky:

 

$699.00 card retail, $1,390.  https://www.newegg.com/Product/Product.aspx?Item=9SIAE8D8EG9319

 

$269.99 memory kit, $626.29.  https://www.newegg.com/Product/Product.aspx?Item=9SIAGGN78S5536

Edited by Braegnok

Share this post


Link to post
Share on other sites

×