Cyber Attacks

Magecart Stole Customers’ Credit Cards From Newegg Electronics Retailer


Magecart hacking group has stolen the credit card details of the popular computer hardware and consumer electronics retailer Newegg.

The group managed to infiltrate the Newegg website and steal the credit card details of all customers who entered their payment card information between August 14 and September 18, 2018. Security firms RiskIQ and Volexity have revealed about the breach on Tuesday.

The hackers used a code-based credit card skimmer in which they embedded a few lines of malicious Javascript code into the Newegg website’s payment page and then send it to a remote server.

The hacking group were active since at least 2015, and they registered a domain called neweggstats(dot)com on August 13, similar to Newegg’s legitimate domain, and acquired an SSL certificate issued for the domain by Comodo for their website.

After that the group inserted the skimmer code into the Newegg website at the payment processing page and it will become active only when the payment page was hit.

After adding the product to the shopping cart and entering the delivery details, the website takes the customer to the payment page to enter the credit card details. When the credit card details are provided and the submit button is pressed the skimmer code immediately sends a copy of that data to the attacker’s domain, i.e., neweggstats(dot)com without interrupting the checkout process.

Newegg Hack May Affect Millions of Customers

It is still not known how many customers are affected by this credit card breach as the attack affected both desktop and mobile customers.

By considering that more than 50 million customers visit Newegg every month and that the malicious code was there for more than a month, it could be assumed that this could have affected millions of Newegg customers.

The Magecart hacking group had earlier breached the British Airways website and its mobile application and managed hack the payment details of around 380,000 victims.

Any customer who has entered their credit card details on the website during the attack period should immediately contact the bank, block the payment card, and request for a replacement.

Priyanka R
Cyber Security Enthusiast, Security Blogger, Technical Editor, Author at Cyber Safe News

    Xbash Malware Combines Features of Ransomware, Coin Mining and Botnet

    Previous article

    Canadian retailer’s servers storing 15 years of user data sold on Craigslist

    Next article

    You may also like


    Leave a reply

    Your email address will not be published. Required fields are marked *