Newegg Inc. Suffers Hack, Credit Card Data Stolen
Newegg Inc., the leading online electronics retailer, has suffered a massive hack, with credit card data being stolen in large numbers.
It was an attack by the Magecart group that had caused the data breach, involving stealing of credit card data used for customer payments for over a month.
In fact, with this attack, newegg.com finds its place among some other high-profile eCommerce portals that have fallen victim to the financial theft group Magecart. The group, which specializes in skimming credit card details from unsecured payment forms on eCommerce websites, had recently carried out attacks at Ticketmaster Inc. and British Airways.
Security firm RiskIQ Inc., in a post that details the Newegg attack, says, “While the dust is settling on the British Airways compromise, the Magecart actor behind it has not stopped their work, hitting yet another large merchant: Newegg.”
RiskIQ Inc. has come out with the post after conducting a research, in collaboration with Volexity; the research involved analyzing the Magecart attacks using unique capabilities and datasets that RiskIQ Inc. has.
The Newegg hack had started on August 14, it involved injecting 15 lines of code into the payments page in Newegg’s website and mobile application.
In a detailed report, SiliconANGLE.com explains how the hack was carried out. The report says, “As with the recent Ticketmaster Inc. and British Airways airways hacks, the hackers placed the script to intercept credit card data on the final checkout page…The process, called “web-based card skimming,” saw the data sent to a server of a similarly named domain, in this case neweggstats.com. It came complete with an HTTPS certificate controlled by the hackers, obfuscating the fact that the credit data was being stolen.”
The researchers probing the incident confirmed how the hack was similar to the British Airways hack. The RiskIQ Inc. post explains, “The skimmer code is recognizable from the British Airways incident, with the same basecode. All the attackers changed is the name of the form it needs to serialize to obtain payment information and the server to send it to, this time themed with Newegg instead of British Airways. In the case of Newegg, the skimmer was smaller because it only had to serialize one form and therefore condensed down to a tidy 15 lines of script”
Newegg has confirmed the incident; the company has initiated the process of informing its customers. The company has confirmed that there had been a malware strike, following which some information might have been breached. The company is yet to ascertain which customer accounts could have been affected. Still, customers have been alerted and asked to keep an eye on their accounts for suspicious activities. Investigations are on; Newegg would soon come out with more details.
Though it has not been clarified as to how big a hack it is, an observation by RiskIQ could make us think as to how large the hack, which went on for over a month, could be. The RiskIQ post observes, “With the size of the business evaluated at $2.65 billion in 2016, Newegg is an extremely popular retailer. Alexa shows that Newegg has the 161st most popular site in the U.S. and Similarweb, which also gathers information on site visits, estimates Newegg receives over 50 million visitors a month. Over an entire month of skimming, we can assume this attack claimed a massive number of victims.”
Julia Sowells960 Posts
Julia Sowells has been a technology and security professional. For a decade of experience in technology, she has worked on dozens of large-scale enterprise security projects, and even writing technical articles and has worked as a technical editor for Rural Press Magazine. She now lives and works in New York, where she maintains her own consulting firm with her role as security consultant while continuing to write for Hacker Combat in her limited spare time.