UPDATED 20:41 EDT / SEPTEMBER 19 2018

INFRA

Magecart group hacks Newegg and steals credit card data

Online electronics retailer Newegg Inc. is the latest victim of an attack by the Magecart group, which stole credit card data used for customer payments for more than a month through Tuesday.

Detailed by security firm RiskIQ Inc., the hack started Aug. 14 and involved the injection of 15 lines of code into Newegg’s payments page used in both the company’s webpage and its mobile application.

As with the recent Ticketmaster Inc. and British Airways airways hacks, the hackers placed the script to intercept credit card data on the final checkout page.

The process, called “web-based card skimming,” saw the data sent to a server of a similarly named domain, in this case neweggstats.com. It came complete with an HTTPS certificate controlled by the hackers, obfuscating the fact that the credit data was being stolen.

Confirming the link between the British Airways hack, the researchers noted that the hackers used the same basecode. “All the attackers changed is the name of the form it needs to serialize to obtain payment information and the server to send it to, this time themed with Newegg instead of British Airways,” they said. “In the case of Newegg, the skimmer was smaller because it only had to serialize one form and therefore condensed down to a tidy 15 lines of script.”

Newegg has confirmed the hack and has started to inform customers. It said in an email that one of its services “had been injected with malware which may have allowed some of your information to be acquired by a third party.”

The email went on to note that it has “not yet determined which customer accounts may have been affected, but out of an abundance of caution we are alerting those accounts at risk as soon as possible so that they can keep an eye on their accounts for any suspicious activity.”

Newegg promised to publish more details on Friday as its investigation continues.

The size of the hack is not yet determined. But as RiskIQ pointed out in its report, Newegg booked $2.65 billion in revenue in 2016, making the size of the hack potentially not only large but damaging as well.

“The attack on Newegg shows that while third parties have been a problem for websites — as in the case of the Ticketmaster breach, self-hosted scripts help attackers move and evolve, in this case changing the actual payment processing pages to place their skimmer,” the researchers concluded.

Photo: Raysonho/Wikimedia Commons

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU