Newegg Data Breach Spills Customers’ Credit Card Details

Newegg Data Breach Spills Customers’ Credit Card Details

Newegg, one of the largest e-retailers in the United States with over 45 million unique monthly visitors, is clearing up its website after a reported month-long data breach.

First discovered by RiskIQ threat researcher Yonnathan Klinjsma, the website was infected with 15 lines of credit card skimming code on the online retailer’s payments page for a period of over a month between August 14 and September 18. The code stole credit card details from unsuspecting customers to siphon the info to a server controlled by hackers with a similar domain name in a bit to avoid suspicion, TechCrunch reported.

The malicious JavaScript code was present in the page during the checkout process.

The code worked on both desktop and mobile customers before it was finally removed by Newegg on Tuesday after being alerted to it by incident response firm Volexity. The opportunistic hackers even used a HTTPS certificate to appear legitimate.

The attack draws parallels with the recent British Airways credit card breach and the Ticketmaster breach, before it. RiskIQ has pointed the finger at the Magecart group, a collective of hackers that targeted vulnerable websites with credit card skimming code.

“The breach of Newegg shows the true extent of Magecart operators’ reach,” Klijnsma stated in an interview with TechCrunch. “These attacks are not confined to certain geolocations or specific industries—any organization that processes payments online is a target.”

The “brazen attack”, as described by Volexity, saw the use of a domain called ‘’, created only days before the domain was used to carry out the data theft.

“The JavaScript leveraged in this attack is very similar to that observed from the British Airways compromise. The code in this case is customized to work with the Newegg website and send data to a different domain the attackers created in an attempt to blend in with the website,” researchers added.

Image credit: Flickr/Jason Howie.