Newegg is now clearing up and fixing its website after a month-long data breach.
Newegg is one of the largest retailers in the US, with a profit of $2.65 billion in 2016 alone. The company draws more than 45 million unique visitors a month.
The data breach was in fact 15 lines of card skimming code injected into the online retailer’s payments page. The code sent credit card data from unsuspecting customers to a server controlled by the hackers; the server used a similar domain name, and was even protected by an HTTPS certificate, to blend in and avoid detection.
Remember, everything can be hacked. To stay away from threats related to the cyber world, we recommend installing an antivirus for Windows or an antivirus for Mac on every device that you own, depending on which OS your device is running. If you are a company, it is also recommended to hire a specialized cybersecurity company every year to run annual tests on your company’s network. These tests include penetration testing and ethical hacking tests.
The code affected both desktop and mobile customers, but for the moment it is unclear whether mobile customers were actually affected.
The online electronics retailer removed the code after it discovered the card skimming malware on its site.
Newegg chief executive Danny Lee told customers that the company has “not yet determined which customer accounts may have been affected.”
This is just “another well-disguised attack” that is near-identical to the recent British Airways credit card breach and the Ticketmaster breach.
The Newegg credit card theft is most probably the work of the Magecart hacker group, a collective of hackers that carries out targeted attacks against vulnerable websites. This conclusion rests on the code used in both skimming attacks being near identical, according to the research.
As in previous card skimming campaigns, the hackers integrated their malware with the victim’s payment system, blended in with the infrastructure, and stayed there as long as possible.
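A skimmer like the one described above has to send the card data somewhere, and a valid HTTPS certificate on a look-alike domain says nothing about who owns it. The following is an added example, not code from Newegg or from the research cited here: it assumes the site sends Content-Security-Policy violation reports from its checkout page to a collector, and the domain names, allowlist and report lines are all constructed.

```python
import json
from difflib import SequenceMatcher
from urllib.parse import urlparse

BRAND = "shop"  # constructed brand label of the hypothetical store shop.example
ALLOWED_HOSTS = {"shop.example", "cdn.shop.example", "pay.processor.example"}  # constructed

def _report(page, blocked):
    """Build one constructed report line using the standard csp-report field names."""
    return json.dumps({"csp-report": {"document-uri": page,
                                      "violated-directive": "connect-src",
                                      "blocked-uri": blocked}})

# Constructed sample input: what a report collector might receive.
SAMPLE_REPORTS = [
    _report("https://shop.example/checkout/pay", "https://shopstats.example/collect"),
    _report("https://shop.example/checkout/pay", "https://metrics.vendor.example/p"),
    _report("https://shop.example/checkout/pay", "inline"),   # no host to judge
    _report("https://shop.example/blog/post-1", "https://ads.partner.example/x"),
]

def resembles_brand(host):
    """Heuristic: some label contains the brand or is a near-miss spelling of it."""
    return any(BRAND in label or SequenceMatcher(None, BRAND, label).ratio() >= 0.75
               for label in host.split("."))

def triage(report_lines, page_prefix="https://shop.example/checkout"):
    """Return {host: (kind, scheme)} for non-allowlisted hosts contacted from checkout."""
    findings = {}
    for line in report_lines:
        report = json.loads(line).get("csp-report", {})
        if not report.get("document-uri", "").startswith(page_prefix):
            continue  # only the payment flow is in scope here
        parsed = urlparse(report.get("blocked-uri", ""))
        host = (parsed.hostname or "").lower()
        if not host or host in ALLOWED_HOSTS:
            continue
        # HTTPS is recorded but never treated as a sign of trust.
        kind = "lookalike" if resembles_brand(host) else "unknown"
        findings[host] = (kind, parsed.scheme)
    return findings

if __name__ == "__main__":
    for host, (kind, scheme) in sorted(triage(SAMPLE_REPORTS).items()):
        print(f"{kind:9} {scheme:5} {host}")
```

Any host this reports from the payment flow deserves review; a look-alike of the store's own name is the highest-priority case.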
Be advised! Anyone who entered their credit card data during the period 18 August – 18 September 2018 on Newegg’s site should immediately contact their banks.
We will continue to monitor this cyber theft. Meanwhile, users should keep a keen eye out for any cyber attacks. Remember to use an antivirus for Windows or an antivirus for Mac on every device that you own, depending on which OS your machine is running. If you are a company, we recommend hiring a specialized cybersecurity company every year to run annual tests on your company’s network; tests like this include penetration testing and ethical hacking.