Hackers Crack Newegg
Hack Ware News, Fri, 21 Sep 2018
https://hackwarenews.com/hackers-crack-newegg/

Hackers Crack Newegg. That’s what happened with Newegg, the most popular electronics retailer since the collapse of Radio Shack.

Credit card and payment information was unfortunately skimmed from the popular electronics website between August 14 and September 18, 2018, putting millions of customers at risk. If you shopped at Newegg between those dates, it’s best to consult with your credit card company and take appropriate measures.

Newegg unfortunately fell victim to the same group that recently victimized British Airways and Ticketmaster. The group, known as Magecart, managed to inject a digital version of a credit card skimmer, composed of 15 lines of JavaScript code, into Newegg’s checkout page.


This code works in the background without interrupting the checkout process, so for more than a month neither Newegg nor its customers were aware that it was skimming customer payment information and sending it to a remote server. The remote server, named neweggstats.com, would not look out of place to the user if the activity appeared in the browser status bar. The domain is legit and it even has an SSL certificate.
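A defender-side check for the pattern described above, as an added example that is not from the original article: it scans a checkout page's scripts for hosts outside an allowlist and flags brand lookalikes such as neweggstats.com. The allowlist, the sample page and all function names are constructed for illustration.

```javascript
// Added example. ALLOWED_HOSTS, BRAND_DOMAIN and SAMPLE_PAGE are constructed.
const ALLOWED_HOSTS = new Set(["www.newegg.com", "secure.newegg.com"]);
const BRAND = "newegg";
const BRAND_DOMAIN = "newegg.com";

// Collect every host referenced by a <script src> or inside an inline script body.
function hostsInScripts(html) {
  const hosts = new Set();
  const scriptRe = /<script\b([^>]*)>([\s\S]*?)<\/script>/gi;
  // Absolute or protocol-relative URL; the host must contain at least one dot.
  const urlRe = /(?:https?:)?\/\/([a-z0-9-]+(?:\.[a-z0-9-]+)+)/gi;
  let m;
  while ((m = scriptRe.exec(html)) !== null) {
    // m[1] holds the tag attributes, m[2] the inline body.
    for (const u of (m[1] + " " + m[2]).matchAll(urlRe)) {
      hosts.add(u[1].toLowerCase());
    }
  }
  return hosts;
}

// "lookalike": the brand string sits in a domain the brand does not own.
// Naive two-label registrable domain; use a public-suffix list in practice.
function classify(host) {
  if (ALLOWED_HOSTS.has(host)) return "allowed";
  const registrable = host.split(".").slice(-2).join(".");
  if (registrable !== BRAND_DOMAIN && host.includes(BRAND)) return "lookalike";
  return "unknown";
}

// Report every non-allowlisted host found in the page's scripts.
function auditPage(html) {
  return [...hostsInScripts(html)]
    .map((host) => ({ host, verdict: classify(host) }))
    .filter((f) => f.verdict !== "allowed");
}

// Constructed checkout page: one first-party script, one third-party
// script, and an inline script whose body is elided except for its URL.
const SAMPLE_PAGE = `
<form id="checkout"></form>
<script src="https://secure.newegg.com/js/checkout.js"></script>
<script src="//cdn.example.net/lib.js"></script>
<script>/* body elided */ var dest = "https://neweggstats.com/";</script>`;

console.log(auditPage(SAMPLE_PAGE));
```

A static scan like this only sees what is in the served HTML; a Content-Security-Policy with strict `script-src` and `connect-src` directives enforces the same allowlist in the browser.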

Up to fifty million customers visit Newegg every month for their electronics needs, so it’s safe to say that the number of those affected by this breach could reach at least seven digits. That’s a substantial amount of data compared to Ticketmaster and British Airways, where Magecart got away with the credit card data of over 300,000 victims.

The code shared remarkable similarities with the British Airways breach, leading authorities to believe that Magecart is responsible. If it was this easy for Magecart to infiltrate three websites, who knows what other companies are affected.

Yesterday, we learned one of our servers had been injected with malware which may have allowed some of your information to be acquired or accessed by a third party… The malware was quite sophisticated and we are conducting extensive research to determine exactly what information may have been acquired or accessed and how many customers may have been impacted.

–Danny Lee, CEO, Newegg

The code Magecart used to skim credit card information is only 15 lines long. Injecting it can only be done through malware, which may have infiltrated the offices of Newegg and the two other companies. The malware then somehow gives Magecart access to the victim’s web server and injects its payload.

Knowing where to insert the code involved some sleuthing into Newegg’s checkout page, which can easily be done with modern browsers. It seems browsers may need to include a mechanism to determine if a page holds or processes financial information and exempt such pages from being debugged by non-company employees.

…It’s becoming clear to the industry that these simple yet clever attacks are not only devastating, they’re becoming more and more prevalent. Newegg is just the latest victim,

–RiskIQ

Newegg has of course removed the nasty code and reached out via email to customers potentially affected by the breach.
