Newegg Data Breach Left Customer Credit Cards Exposed For a Month, Security Researchers Say

Many Newegg customers reportedly had their credit card information exposed in a breach that researchers are attributing to the Magecart group.

The electronics and computer retailer's payment page remained compromised for more than a month, from August 14 until September 18, according to security researchers.

On Wednesday, security firms RiskIQ and Volexity released reports on their joint investigation into the breach, asserting that the methods used resemble those of Magecart, which was behind the Ticketmaster breach in June and was likely behind the recent British Airways hack, according to an investigation from RiskIQ.

The 15-line card-skimming code hackers used on the Newegg payment page was almost identical to the code used in the other two major attacks, according to RiskIQ.

“The breach of Newegg shows the true extent of Magecart operators’ reach,” RiskIQ threat researcher Yonathan Klijnsma told TechCrunch. “These attacks are not confined to certain geolocations or specific industries—any organization that processes payments online is a target.”

Newegg did not respond to a Gizmodo request for comment. TechCrunch reports Newegg chief executive Danny Lee sent an email to Newegg customers stating the company has “not yet determined which customer accounts may have been affected.”

The RiskIQ report states, “we can assume this attack claimed a massive number of victims,” because of how long the payment page was being skimmed.

RiskIQ encouraged banks to reissue any cards used for Newegg transactions over the last few weeks.

[RiskIQ, Volexity, TechCrunch]

Former senior reporter at Gizmodo

DISCUSSION

I guess it’s kind of a blessing then that NewEgg has gone so far downhill since they got bought that I haven’t bought anything from them in over a year. Same with my friends - I did a quick ask-around, and nobody’s bought from NewEgg in quite a while, though we all used to swear by it.

And of course the Pariah of Domain Registrars, Comodo, was involved, though in a plausibly deniable way (only a DV cert, not an EV).