NewEgg got hacked, attackers got hands on credit card data

Posted on Thursday, September 20 2018 @ 14:38 CEST by Thomas De Maesschalck
Popular computer part e-tailer NewEgg got hit by an attack. A hacker group known as Magecart managed to hack NewEgg's website and injected 15 lines of JavaScript code into the webshop's checkout module. The script forwarded credit card and other data to a third-party web server. Based on current reports, it looks like the site got hacked around August 16. NewEgg didn't notice the hack until September 18.
Details of the breach were reported by the security research firms RiskIQ (which exposed the code behind the British Airways attack) and Volexity Threat Research today. The attack was shut down by NewEgg on September 18, but it appears to have been actively siphoning off payment data since August 16, according to reports from the security researchers. Yonathan Klijnsma, head researcher at RiskIQ, said that the methods and code used are virtually identical to the attack on British Airways—while the Ticketmaster breach was caused by code injected from a third-party service provider, both the BA breach and the NewEgg attack were the result of a compromise of JavaScript libraries hosted by the companies themselves.
NewEgg is investigating the matter and promises to publish a FAQ page on Friday. Customer accounts that are at risk will be notified as soon as possible.

Via: ARS Technica

About the Author

Thomas De Maesschalck

Thomas has been messing with computer since early childhood and firmly believes the Internet is the best thing since sliced bread. Enjoys playing with new tech, is fascinated by science, and passionate about financial markets. When not behind a computer, he can be found with running shoes on or lifting heavy weights in the weight room.


Loading Comments

Share this story!

Latest news

Latest reviews