line retailer Newegg has been the victim of a e-mth data leak, with the payment details of thousands of customers who may have been obtained by hackers, by adding code to the store's payment page in the same way as other recent attacks.
The infringement, discovered and verified by security company Volexity in collaborati with RiskIQ, appears to have been executed since 14 August and ran until 18 September, reports TechCrunch. The attack, which injected ly 15 lines of code into the payment page, allowed credit card informati to be smashed and stored a private server during the checkout process.
Newegg CEO Danny Lee advised customers in an e-mail that the company has not yet identified which accounts have been affected, with the scale of the attack largely unknown. As a large retail company with 2.65 billi in revenue in 2016 and with more than 45 milli mthly unique visitors, the number of affected customers shopping at Newegg during the period could be quite high.
The attack hit both desktop and mobile versis of the Newegg site, but it is unclear whether mobile users were affected by the infringement at all.
According to RiskIQ, the attack is a ctinuati of a series of compromises known as "Magecart" and which has hit a number of large companies. Analysis of the attack reveals that it is similar to the attacks the British Airways and Ticketmaster reservati system, targeting each reservati and payment system by collecting the data before it reaches the company's servers, instead of directly cnecting the servers to fall.
The relative ease and durati of the violati may certainly suggest that future attacks of this type may ctinue for a while, and with a wide variety of available targets.
"Newegg's violati shows the actual size of the Magecart operators' range," advised Jathan Klijnsma of RiskIQ. "These attacks are not limited to certain geolocatis or specific industries – any organizati that processes line payments is a target."