• Sign in to Neowin Faster!

    Create an account on Neowin to contribute and support the site.

Sign in to follow this  

Newegg hit by same hacker group that targeted British Airways

Recommended Posts

webeagle12    944

Newegg is the latest online retailer to be targeted by Magecart, the data hacking group that also struck British Airways and Ticketmaster. Odds are, it probably won't be the last, either.


Computer hardware and electronics retailer Newegg has fallen victim to a data theft campaign that was nearly identical to the one recently used to swipe personal and financial data from British Airways customers.


According to cybersecurity solutions and services firm Volexity, malicious JavaScript was added to Newegg in mid-August. It appeared when moving to the billing information page during checkout where it siphoned off credit card data before sending it to the attackers over SSL / TLS via the domain neweggstats.com.


Newegg removed the offending code on September 18. The Magecart group is reportedly behind the attack according to Volexity and RiskIQ.


t’s unclear exactly how many victims were hit although considering Newegg generated $2.65 billion in revenue in 2016 and has more than 50 million visitors a month, the figure is probably pretty large.


The code used in the Newegg attack is functionally very similar to what was used against British Airways albeit more streamlined. Whereas the British Airways attack utilized 22 lines of code, the Newegg attack was carried out using just eight lines of code (or 15 if the code was “beautified”).


Anyone that shopped at Newegg over the past month is encouraged to contact their bank immediately for a replacement card.


The skimmer code was in operation for at least a month and was not removed until September 18th.


RiskIQ senior threat intelligence analyst Yonathan Klijnsma told ZDNet that Volexity disclosed the skimmer's presence to Newegg on the morning of the 18th, of which the malicious script was removed by the afternoon.


According to Similarweb, the retailer receives over 50 million visits per month. It is possible the covert operation has, therefore, snagged the data of potentially millions of Newegg customers.


"RiskIQ's automatic detections of instances of Magecart breaches pings us almost hourly," the company says. "Meanwhile, we're seeing attackers evolve and improve over time, setting their sites on breaches of large brands."


"While some Magecart groups still target smaller shops, the subgroup responsible for the attacks against Newegg and British Airways is particularly audacious, performing cunning, highly targeted attacks with skimmers that seamlessly integrate into their targets' websites," RiskIQ added.





  • Like 1

Share this post

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

  • Recently Browsing   0 members

    No registered users viewing this page.