Newegg confirms credit card information was taken in a sophisticated attack

The same attack used on British Airways and Ticketmaster appears to have been used against Newegg.com.

Credit: IDG

Online retailer Newegg on Wednesday confirmed that credit card information from customers had been stolen using a sophisticated attack.

"Yesterday we learned one of our servers had been injected with malware which was identified and removed from our site," the company said in a statement on Twitter. "We’re conducting extensive research to determine exactly what info was obtained and are sending emails to customers potentially impacted. Please check your email."

This makes Newegg the latest company to get hit by black hat hacker groups collectively called Magecart. Security researchers at RiskIQ said the attack worked by injecting malicious JavaScript onto Newegg's page to skim credit card information and sent it it to a domain registered as Neweggstats.com. RiskIQ said a very similar "Magecart assault" was also used against British Airways and Ticketmaster earlier this year.

magecart attack british airways code RiskIQ

RiskIQ said JavaScript code very similar to the attack on British Airways (above) was used to steal info from customers on Newegg.com.

In the Newegg attack, the injected code was designed to avoid detection by blending into the surrounding infrastructure. Although Newegg has not confirmed it, it's possible customers who made purchases from the company on both computers and mobile could have been hit.

Security researchers at Volexity said they believe the injection occurred on August 16, 2018, when the domain for Neweggstats.com was registered. Customers from that date in August to September are likely impacted. Both Volexity and RiskIQ jointly discovered the attack and alerted Newegg this week which removed the code on Tuesday.

Newegg said it will release more information this week, and contact customers whose data may have been stolen.

Show Comments