Financial Info Leaked in Newegg Data Breach


Mar 3, 2018
Working together, Volexity and RiskIQ discovered a credit card skimming attack on Newegg's website. The security researchers claim that hackers injected Javascript code into Newegg's secure checkout page, which would collect form data and send it to "". That domain was created on August 13th, and started collecting data on August 16th, but the offending Javascript code wasn't removed until September 18th. The researchers say that the same actors behind the British Airways and Feedify hacks were behind this attack. Needless to say, if you ordered anything on Newegg in August or September, you should call your bank.

Magecart attacks are surging-RiskIQ's automatic detections of instances of Magecart breaches pings us almost hourly. Meanwhile, we're seeing attackers evolve and improve over time, setting their sites on breaches of large brands. While some Magecart groups still target smaller shops, the subgroup responsible for the attacks against Newegg and British Airways is particularly audacious, performing cunning, highly targeted attacks with skimmers that seamlessly integrate into their targets' websites. The attack on Newegg shows that while third parties have been a problem for websites-as in the case of the Ticketmaster breach-self-hosted scripts help attackers move and evolve, in this case changing the actual payment processing pages to place their skimmer.
Phew! I just checked my order history - September 14th ... 2017! Ever since they changed owners and threw their Connecticut (IIRC) customers under the bus for sales tax, I've been using eBay (web stores for big name vendors) or Amazon or Microcenter.
Damn . . . .placed an order earlier this month for some odds and ends . . . . . not going to take any chances- just cancelled my card. They should never have stopped accepting personal checks and money orders.
Last edited:
Newegg has kinda fallen off a cliff lately. They kinda remind me of the K-Mart stores shortly before they closed. They're there and most everybody knows the name but you walk inside and it's just empty, dead and old looking.
Why am I reading it here and now, instead of an email from Newegg on the DAY THAT IT WAS DISCOVERED? :mad: Just built a Ryzen system. Bought stuff from all over, including Newegg.
Yeah that's a damn good point. An email should have been sent out at the very least. Better would be a banner on the top of every page of newegg mentioning that they were breached, you should contact your banks immediately, click here for more information. Thank god for [H]ard|OCP letting me know I'm about to get bent over.
thankfully the monitor i almost bought on newegg last month was the same price on amazon..
Haven't bought anything from Newegg in a while, but it sure was smart given the date the Nvidia "the more you buy, the more you save" preorders began.
Another demonstration of the stupidity of the current e-commerce design. The only folks that should be involved in an online CC transaction should be the CC holder, the CC issuer or designated agent and the vendor. But most e-commerce sites require multiple 3rd party scripts to run and require data to go to multiple 3rd party sites for the transaction to complete. Makes it almost impossible for the CC holder/customer to know when the site has been hacked. Imagine if every CC transaction at Walmart required you to hand your card over to 5 or 6 strangers before it was inserted into the POS gizmo and then another 2 or 3 before it made it back to your wallet.

I think the last things I bought from Newegg were for my several year old i7-3770 system.
Bought a motherboard on the 16th... I did everything through PayPal though. Will be contacting my bank next.
At the rate these attacks are successful credit card companies will need to start issuing new cards every month just to try and stay ahead of it... which will itself widen another angle of attack.

I gave up on them in 2013...

I gave up on them after ordering 5 Raid Edition (i.e expensive, over $1k order) hardrives from them only to receive them with basically no packing materials.. drives laying right in a cardboard box... oem drives, so not like they were at least in retail packaging...

Fuck that shit.

Amazon is far superior.
  • Like
Reactions: PaulP
like this

7/26 was my last order there for 4x 12TB HDDS. Close call!
Order date: 9/8/2018... At least the purchase was with my credit card and not a bank card.
Just built myself a new system and got a few things from Newegg myself. Not gonna sweat it. I'll just keep an eye on my statement. Anything funny shows up, and simple call to the credit card company will clear it up.
Crap...gotta inform a bunch of people of this. Thanks for the heads-up.
Just got an email:

Yesterday, we learned one of our servers had been injected with malware which may have allowed some of your information to be acquired or accessed by a third party. The malware was quite sophisticated and we are conducting extensive research to determine exactly what information may have been acquired or accessed and how many customers may have been impacted. We will keep you up to date with our progress and work to ensure this doesn't happen again. The malware is no longer on our site and we will be doing our best to bring the culprits to justice.

We have not yet determined which customer accounts may have been affected, but out of an abundance of caution we are alerting those accounts at risk as soon as possible so that they can keep an eye on their accounts for any suspicious activity. We hope by alerting you quickly to help prevent any misuse of information that may have been acquired or accessed.

By Friday, we will publish an FAQ that will answer common questions we get; we will send you a link as soon as it goes live. We will also publish the link on our social media platforms. We want to make sure you are completely informed.

We are very sorry circumstances have warranted this message. We are working diligently to address this issue and will provide additional information to you shortly.

Danny Lee, CEO Newegg

So annoying. Luckily as with others it was a credit card and not a bank card, however I also use that card for some auto-pay stuff so that's always a pain in the butt to switch.
Ugh.. fifteen lines of jquery to an AJAX call and this happens? Ugly.. ugly..UGLY!

I gave up on them in 2013...
RMA's with them used to be great. My last one instead of replacing the product I bought on sale they refunded me hoping I'd buy something much more expensive. Hopefully finding something to buy from a person here instead.
Hmm. I did order from Newegg during this period, but I used PayPal. I'm guessing PayPal is not affected as it needs authentication every time, but who knows...