
Newegg card-skimming hack leaked customer payment details for more than a month

Online retailer Newegg was the victim of a month-long data breach in which the payment details of thousands of customers may have been captured by attackers who added code to the store's payment page, in the same way as other recent attacks.

The breach, discovered and verified by security firm Volexity in collaboration with RiskIQ, appears to have run from 14 August until 18 September, TechCrunch reports. The attack, which injected only 15 lines of code into the payment page, allowed credit card information to be skimmed during the checkout process and stored on a server controlled by the attackers.

The attackers registered a domain with a name similar to Newegg's, a plausible-looking name that avoids suspicion, and even obtained an HTTPS certificate for it. After being notified, Newegg removed the malicious JavaScript from the site and began alerting customers.

Newegg CEO Danny Lee told customers in an e-mail that the company has not yet identified which accounts were affected, so the scale of the attack is largely unknown. For a retailer with $2.65 billion in revenue in 2016 and more than 45 million monthly unique visitors, the number of customers who shopped at Newegg during the period could be quite high.

The injected code worked in both the desktop and mobile versions of the Newegg site, though it is unclear whether mobile users were actually affected by the breach.

According to RiskIQ, the attack is part of a series of compromises known as "Magecart" that has hit a number of large companies. Analysis shows it resembles the attacks on British Airways and on Ticketmaster's booking system: each targeted the booking and payment flow, collecting the card data in the customer's browser before it reached the company's servers, rather than compromising the servers themselves.

The similarity between the code used against British Airways and against Newegg suggests a common code base, and possibly the same attackers. Few elements of the code changed, but the Newegg version of the JavaScript was shorter because only one form needed to be serialized, rather than the several forms used by the airline.

The relative ease and duration of the breach suggest that attacks of this type are likely to continue for some time, with a wide variety of targets available.

"Newegg's breach shows the true extent of the Magecart operators' reach," said Jonathan Klijnsma of RiskIQ. "These attacks are not limited to certain geolocations or specific industries – any organization that processes online payments is a target."

© Appleinsider
