Newegg Credit Card Leak
Newegg.com security breach is among the latest to be reported where the online retailer has been hacked by Magecart, the same group that hacked British Airways and Ticketmaster. I think we can say with a fairly high confidence that this surely won't be their last.
Newegg is one of the large computer hardware and electronics retailers in the US. The security issue was exactly the same as what happened with the British Airways hack. The hack has been used to steal personal and financial data of customers and this has gone undetected for over a month.
According to the discovery made by cybersecurity solutions and services firm Volexity, malicious JavaScript was added to Newegg in mid-August. It appeared when moving to the billing information page during checkout where it siphoned off credit card data before sending it to the attackers over SSL / TLS via the domain neweggstats.com.
After Newegg credit card details were compromised, they have removed the infected code on September 18.
Given that Newegg.com gets over 50 million visitors a month, the damage caused is probably pretty large. The issue is that this was undetected and unreported for over a month.
It’s unclear exactly how many victims were hit although considering Newegg generated $2.65 billion in revenue in 2016 and has more than 50 million visitors a month, the figure is probably pretty large. All this was executed with just 15 lines of code.
Javascript based exploits and data thefts are not uncommon. In fact, they have been on the rise and many new and established businesses have been affected due to a lack of proactiveness and ability to detect such breaches. As e-commerce adoption increases, there will be increased motivation for hackers to use similar exploits for data theft.
Other Recent Hacks
Chile Bank Heist - Hackers had siphoned off $10 million from the country’s second-largest commercial bank, by using a virus as a distraction, prompting the bank to shut 9,000 computers in branches across the country to protect customer accounts.
SingHealth Hack - The hack on SingHealth was one of the biggest and sophisticated cybersecurity breaches where over 1.5 million records were stolen from the government healthcare database.
You can find the complete list of the latest cybersecurity breaches here - Biggest Data Breaches and Cyber Attacks of Q2 2018
For customers of Newegg, anyone who entered their credit card data during the period should immediately contact their banks and get their credit cards blocked and reissued. Even though you might not have been impacted right away there's a high probability that the hackers will sell this data in the dark web.
Be proactive. Stay safe.