Newegg Online Payment System Compromised by Cybercriminals

• Newegg is the latest in line to face a security breach in its online payment system.
• The store’s payments page was used to harvest credit card details for over a month by attackers.
• Attackers infected one of the servers with malware, and it has been removed.

Popular e-commerce platform Newegg has suffered a malware attack which may have compromised credit card information belonging to a large number of users. A credit card skimming malware was injected into Newegg’s payment page and harvested credit card details for over a month. Newegg is one of the most popular websites for computer hardware and accessories and caters to a large number of users from across the globe. With around 50 million visits a month, the extent of the credit card data breach could be one of the largest ever seen.

The computer hardware store made an official announcement via Twitter. Newegg is currently investigating to determine how much info was obtained by attackers. Customers who have been potentially impacted are being sent emails through the e-commerce website. Newegg has requested all users to check their emails to find out if they may have been affected.

Yesterday we learned one of our servers had been injected with malware which was identified and removed from our site. We’re conducting extensive research to determine exactly what info was obtained and are sending emails to customers potentially impacted. Please check your email

— Newegg (@Newegg) September 19, 2018

According to RiskIQ and Volexity, who identified the breach, the attack against Newegg was conducted from August 14 to September 18. Cybercriminals injected a malicious JavaScript Code into the store’s payments page, which is responsible for collecting credit card data of users for processing purchases. The malware exploited both the mobile and desktop versions of the shopping website. All of the data has been transferred to a private server which is no longer active.

The attackers allegedly used the Magecart exploit, which was also used recently to perform a similar credit card theft that has affected approximately 380,000 British Airways customers. The malware contains only 15 lines of code, and it has already been removed to secure the website. Users who made purchases on Newegg between August 14 and September 18 need to be on high alert and keep an eye out for any suspicious transactions in their credit card statements.

What do you think about the malware attack on Newegg? Let us know in the comments below. Also, to get instant tech updates, follow TechNadu’s Facebook page, and Twitter handle.