Popular online computer store Newegg was compromised by an attack that siphoned customer credit card data during checkout.
According to cyber-security watchdog Volexity, the attack ran from August 16th to September 18th, 2018.
A hacker group called Magecart was behind the attack. The same group carried out similar attacks on British Airways, Ticketmaster and Feedify.
Like other attacks, Magecart compromised the Newegg website using a small bit of code. The code was able to take data when customers moved to the billing information screen. It sent the data to another domain called neweggstats.com.
Magecart registered that domain on August 13th, 2018. Furthermore, the the hacker group was able to obtain an SSL security certificate for the domain on the same day.
While Volexity found no evidence of attacks beginning until the 16th, it is possible that attacks started on the 13th.
Thanks to the similar domain name and security certificate, the attack was able to hide amidst Newegg’s regular site traffic. Magecart used this method of hiding in plain sight in its other attacks.
The code was removed from the Newegg website on September 18th.
Newegg has sent out emails to affected customers and plans to post a FAQ on its site by the end of the week.
If you’ve purchased anything from Newegg within the last month, you should keep an eye on your credit card for fraudulent activity. You should also contact your credit card company for a replacement card.
Source: Volexity Via: Android Police Via: Newegg
