Hackers stole customer credit cards in Newegg data breach
Newegg is clearing up its website after a month-long data breach.
Hackers injected 15 lines of card skimming code on the online retailer’s payments page which remained for more than a month between August 14 and September 18, Yonathan Klijnsma, a threat researcher at RiskIQ, told TechCrunch. The code siphoned off credit card data from unsuspecting customers to a server controlled by the hackers with a similar domain name — likely to avoid detection. The server even used an HTTPS certificate to blend in.
The code also worked for both desktop and mobile customers — though it’s unclear if mobile customers are affected.
The online electronics retailer removed the code on Tuesday after it was contacted by incident response firm Volexity, which first discovered the card skimming malware and reported its findings.
Newegg is one of the largest retailers in the US, making $2.65 billion in revenue in 2016. The company touts more than 45 million monthly unique visitors, but it’s not known precisely how many customers completed transactions during the period.
When reached, a Newegg spokesperson did not immediately comment.
Klijnsma called the incident “another well-disguised attack” that looked near-identical to the recent British Airways credit card breach. Like that breach, RiskIQ attributed the Newegg credit card theft to the Magecart group, a collective of hackers that carry out targeted attacks against vulnerable websites.
The code used in both skimming attacks was near identical, according to the research.
“The breach of Newegg shows the true extent of Magecart operators’ reach,” said Klijnsma. “These attacks are not confined to certain geolocations or specific industries—any organization that processes payments online is a target.”
Like previous card skimming campaigns, he said that the hackers “integrated with the victim’s payment system and blended with the infrastructure and stayed there as long as possible.”
Anyone who entered their credit card data during the period should immediately contact their banks.
Source: https://techcrunch.com/2018/09/19/newegg-credit-card-data-breach/
Anyone can join.
Anyone can contribute.
Anyone can become informed about their world.
"United We Stand" Click Here To Create Your Personal Citizen Journalist Account Today, Be Sure To Invite Your Friends.
Please Help Support BeforeitsNews by trying our Natural Health Products below!
Order by Phone at 888-809-8385 or online at https://mitocopper.com M - F 9am to 5pm EST
Order by Phone at 866-388-7003 or online at https://www.herbanomic.com M - F 9am to 5pm EST
Order by Phone at 866-388-7003 or online at https://www.herbanomics.com M - F 9am to 5pm EST
Humic & Fulvic Trace Minerals Complex - Nature's most important supplement! Vivid Dreams again!
HNEX HydroNano EXtracellular Water - Improve immune system health and reduce inflammation.
Ultimate Clinical Potency Curcumin - Natural pain relief, reduce inflammation and so much more.
MitoCopper - Bioavailable Copper destroys pathogens and gives you more energy. (See Blood Video)
Oxy Powder - Natural Colon Cleanser! Cleans out toxic buildup with oxygen!
Nascent Iodine - Promotes detoxification, mental focus and thyroid health.
Smart Meter Cover - Reduces Smart Meter radiation by 96%! (See Video).
| Online: | |
| Visits: | 1,599,997,556 |
| Stories: | 8,140,959 |
Whistler Blowers, Insiders
