The skimmer, injected into the store’s payment page, harvested credit-card details from the store’s online customers for more than a month

The major electronics and computer hardware retailer Newegg has announced that attackers have compromised its online payments system, potentially scooping up buyers’ credit-card data over a period of more than a month.

“Yesterday we learned one of our servers had been injected with malware which was identified and removed from our site,” the company said in a statement on Twitter.

According to reports by threat management outfits RiskIQ and Volexity, which jointly uncovered the breach, the data exfiltration lasted from around August 14 to September 18. The attack relied on malicious JavaScript code that was injected into the store’s payment-processing page, where customers input their credit card details.

The malicious script, which worked on both the website’s desktop and mobile version, would then forward the data to a server with a (no longer active) domain. The domain, neweggstats.com, was designed to blend in with the legitimate newegg.com website, having been set up for that purpose – and with a valid HTTPS certificate at that – on August 13.

The attack has been attributed to a threat collective known as Magecart, which, according to RiskIQ, is also to blame for the recent breach at British Airways, as well as for the breach at Ticketmaster’s UK site.

The script, which only contains 15 lines, has been removed after RiskIQ and Volexity alerted Newegg to the compromise. While customized to steal data from the Newegg website, the script is similar to the one leveraged in the British Airways compromise, said Volexity.

It’s unclear at this point how many people have been affected. Newegg.com is the 164th most popular website in the US, according to Alexa, and it receives some 50 million visitors per month. Anybody who made a purchase on the website between August 14 and September 18 should keep their eyes peeled for any suspicious activity on their bank accounts.

Source: HERE

With over 20 years of experience, Serviceteam IT design and deliver sophisticated connectivity, communication, continuity, and cloud services, for organisations that need to stay connected 24/7. We take the time to fully understand your current challenges, and provide a solution that gives you a clear understanding of what you are purchasing and the benefits it will bring you.

To find out how we can help you, call us on 0121 468 0101, use the Contact Us form, or why not drop in and visit us at 49 Frederick Road, Edgbaston, Birmingham, B15 1HN.

We’d love to hear from you!