Everything you need to know about Newegg Credit Card Breach

Reading time: Reading time 2 minutes

Newegg Credit Card Leak

Newegg.com security breach is among the latest to be reported where the online retailer has been hacked by Magecart, the same group that hacked British Airways and Ticketmaster. I think we can say with a fairly high confidence that this surely won't be their last.

Newegg is one of the large computer hardware and electronics retailers in the US. The security issue was exactly the same as what happened with the British Airways hack. The hack has been used to steal personal and financial data of customers and this has gone undetected for over a month.

According to the discovery made by cybersecurity solutions and services firm Volexity, malicious JavaScript was added to Newegg in mid-August. It appeared when moving to the billing information page during checkout where it siphoned off credit card data before sending it to the attackers over SSL / TLS via the domain neweggstats.com.

After Newegg credit card details were compromised, they have removed the infected code on September 18.

Given that Newegg.com gets over 50 million visitors a month, the damage caused is probably pretty large. The issue is that this was undetected and unreported for over a month.

It’s unclear exactly how many victims were hit although considering Newegg generated $2.65 billion in revenue in 2016 and has more than 50 million visitors a month, the figure is probably pretty large. All this was executed with just 15 lines of code.

Javascript based exploits and data thefts are not uncommon. In fact, they have been on the rise and many new and established businesses have been affected due to a lack of proactiveness and ability to detect such breaches. As e-commerce adoption increases, there will be increased motivation for hackers to use similar exploits for data theft.

Other Recent Hacks

Chile Bank Heist - Hackers had siphoned off $10 million from the country’s second-largest commercial bank, by using a virus as a distraction, prompting the bank to shut 9,000 computers in branches across the country to protect customer accounts.

SingHealth Hack - The hack on SingHealth was one of the biggest and sophisticated cybersecurity breaches where over 1.5 million records were stolen from the government healthcare database.

You can find the complete list of the latest cybersecurity breaches here - Biggest Data Breaches and Cyber Attacks of Q2 2018

For customers of Newegg, anyone who entered their credit card data during the period should immediately contact their banks and get their credit cards blocked and reissued. Even though you might not have been impacted right away there's a high probability that the hackers will sell this data in the dark web.

Be proactive. Stay safe.

Published on Sep 20, 2018
Subho Halder
Written by Subho Halder
Subho Halder is the CISO and Co-Founder of Appknox. He started his career researching Mobile Security. Currently, he helps businesses to detect and fix security vulnerabilities. He has also detected critical loopholes in companies like Google, Facebook, Apple, and others


Chat With Us

Using Other Product?

Switch to Appknox

2 Weeks Free Trial!

Get Started Now