Newegg leaked credit card information for more than a month

Remember the British Airways data breach from the beginning of September? Well, it has happened again – the company is a different one, but the breach is just as bad: Newegg, one of the biggest US technology retailers, has leaked customer data for almost a month.

Same tech as with British Airways

On Wednesday, RiskIQ and Volexity, two security firms, reported the Newegg breach, which appears to be just the latest in a line of hacked high-profile websites. According to the report, the attack seems to be similar to the recent British Airways one and may even have started a week earlier.

The injected JavaScript code that makes it possible to skim credit card information is just 15 lines long and specially crafted to work with Newegg. On top of that, it is almost identical to the code used in the other two attacks, which is why the researchers believe it to be from the same source: Magecart.

Source: Volexity

The code itself was added quietly on August 16th, sometime between 15:45 and 20:20 UTC. It was present on the payment information page and bound to the checkout button. That made sure that everyone buying something and clicking on said button would submit their data not only to Newegg but also to a destination specified by the cybercriminals. Even worse, the script worked not only on desktop PCs but also on smartphones and tablets.

Attack live for more than a month

Right now it is believed that Newegg was compromised for over a month. The domain neweggstats.com, to which all the data was forwarded, was registered on August 13th, while the JavaScript injection most likely happened on August 16th. The malicious code was finally removed on September 18th, more than a month later.
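
A defender-side check for the pattern described above, as an added example that is not from the original post or from the researchers' report: it compares a payment page's inline scripts against a known-good baseline and lists script-referenced hosts outside an allowlist. The allowlist, the page snapshots and all function names are assumptions constructed for the example; only the domain neweggstats.com comes from the article.

```python
import hashlib
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

ALLOWED_HOSTS = {"newegg.com"}  # assumed allowlist for this example
URL_RE = re.compile(r"""https?://[^\s"'<>)]+""")

class ScriptCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.inline, self.external, self._open = [], [], False
    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        src = dict(attrs).get("src")
        if src:
            self.external.append(src)   # externally loaded script
        else:
            self._open = True           # inline script body follows
            self.inline.append("")
    def handle_endtag(self, tag):
        if tag == "script":
            self._open = False
    def handle_data(self, data):
        if self._open:
            self.inline[-1] += data

def collect(html):
    parser = ScriptCollector()
    parser.feed(html)
    return parser

def digest(script):
    return hashlib.sha256(script.strip().encode()).hexdigest()

def allowed(host):
    # Exact host or dot-anchored subdomain; a substring test would accept neweggstats.com.
    return any(host == h or host.endswith("." + h) for h in ALLOWED_HOSTS)

def audit(html, baseline):
    """Return (hashes of inline scripts missing from baseline, unexpected hosts)."""
    page = collect(html)
    unknown = [d for d in map(digest, page.inline) if d not in baseline]
    urls = page.external + [u for s in page.inline for u in URL_RE.findall(s)]
    hosts = {urlparse(u).hostname for u in urls}
    return unknown, sorted(h for h in hosts if h and not allowed(h))

# Constructed snapshots of a payment page: a known-good one and one with an extra inline script.
KNOWN_GOOD = '<script src="https://www.newegg.com/checkout.js"></script><script>initCheckout();</script>'
TAMPERED = KNOWN_GOOD + '<script>var endpoint = "https://neweggstats.com/";</script>'
BASELINE = {digest(s) for s in collect(KNOWN_GOOD).inline}
```

Run on a schedule against the live payment page, a non-empty result from `audit` means either a script changed or a new host appeared and the page needs review.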

As of now, there is no information available on how many customers have been affected. Considering the size of the company and the fact that the page has more than 50 million visitors a month, the number is most likely quite high.

Smart service warns against data misuse

Here’s a great tip if you’re worried about the above and want to protect yourself: Avira Identity Scanner, a new solution from Avira, warns you if your identity is being misused. To do so, Avira Identity Scanner scours the visible and invisible internet (Dark Web), specifically looking for your information, including your credit card and account details. If any of your data is being misused, it gives you a warning and tips on what steps you can take to counter data misuse.

PR & Social Media Manager @ Avira | Gamer. Geek. Tech addict.