Financial Info Leaked in Newegg Data Breach

AlphaAtlas

[H]ard|Gawd
Staff member
Joined
Mar 3, 2018
Messages
1,713
Working together, Volexity and RiskIQ discovered a credit card skimming attack on Newegg's website. The security researchers claim that hackers injected Javascript code into Newegg's secure checkout page, which would collect form data and send it to "neweggstats.com". That domain was created on August 13th, and started collecting data on August 16th, but the offending Javascript code wasn't removed until September 18th. The researchers say that the same actors behind the British Airways and Feedify hacks were behind this attack. Needless to say, if you ordered anything on Newegg in August or September, you should call your bank.

Magecart attacks are surging-RiskIQ's automatic detections of instances of Magecart breaches pings us almost hourly. Meanwhile, we're seeing attackers evolve and improve over time, setting their sites on breaches of large brands. While some Magecart groups still target smaller shops, the subgroup responsible for the attacks against Newegg and British Airways is particularly audacious, performing cunning, highly targeted attacks with skimmers that seamlessly integrate into their targets' websites. The attack on Newegg shows that while third parties have been a problem for websites-as in the case of the Ticketmaster breach-self-hosted scripts help attackers move and evolve, in this case changing the actual payment processing pages to place their skimmer.
 

dvsman

2[H]4U
Joined
Dec 2, 2009
Messages
3,629
Phew! I just checked my order history - September 14th ... 2017! Ever since they changed owners and threw their Connecticut (IIRC) customers under the bus for sales tax, I've been using eBay (web stores for big name vendors) or Amazon or Microcenter.
 

Danny Dawg

Gawd
Joined
Nov 5, 2008
Messages
811
Damn . . . .placed an order earlier this month for some odds and ends . . . . . not going to take any chances- just cancelled my card. They should never have stopped accepting personal checks and money orders.
 
Last edited:

U-238

Limp Gawd
Joined
Aug 14, 2008
Messages
255
Newegg has kinda fallen off a cliff lately. They kinda remind me of the K-Mart stores shortly before they closed. They're there and most everybody knows the name but you walk inside and it's just empty, dead and old looking.
 

arnemetis

2[H]4U
Joined
Aug 2, 2004
Messages
3,951
Why am I reading it here and now, instead of an email from Newegg on the DAY THAT IT WAS DISCOVERED? :mad: Just built a Ryzen system. Bought stuff from all over, including Newegg.
Yeah that's a damn good point. An email should have been sent out at the very least. Better would be a banner on the top of every page of newegg mentioning that they were breached, you should contact your banks immediately, click here for more information. Thank god for [H]ard|OCP letting me know I'm about to get bent over.
 

sirmonkey1985

[H]ard|DCer of the Month - July 2010
Joined
Sep 13, 2008
Messages
22,230
thankfully the monitor i almost bought on newegg last month was the same price on amazon..
 

iamjanco

Limp Gawd
Joined
Jul 8, 2016
Messages
460
Haven't bought anything from Newegg in a while, but it sure was smart given the date the Nvidia "the more you buy, the more you save" preorders began.
 

Dead Parrot

2[H]4U
Joined
Mar 4, 2013
Messages
2,831
Another demonstration of the stupidity of the current e-commerce design. The only folks that should be involved in an online CC transaction should be the CC holder, the CC issuer or designated agent and the vendor. But most e-commerce sites require multiple 3rd party scripts to run and require data to go to multiple 3rd party sites for the transaction to complete. Makes it almost impossible for the CC holder/customer to know when the site has been hacked. Imagine if every CC transaction at Walmart required you to hand your card over to 5 or 6 strangers before it was inserted into the POS gizmo and then another 2 or 3 before it made it back to your wallet.

I think the last things I bought from Newegg were for my several year old i7-3770 system.
 

prne10

Limp Gawd
Joined
Oct 26, 2005
Messages
217
last purchase - August 16th, 2018. FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
 

n3ckcutta

Limp Gawd
Joined
Nov 5, 2009
Messages
230
Bought a motherboard on the 16th... I did everything through PayPal though. Will be contacting my bank next.
 

Crackinjahcs

Limp Gawd
Joined
Jan 31, 2018
Messages
150
At the rate these attacks are successful credit card companies will need to start issuing new cards every month just to try and stay ahead of it... which will itself widen another angle of attack.
 

GoodBoy

2[H]4U
Joined
Nov 29, 2004
Messages
2,305
Lately?!

I gave up on them in 2013...

I gave up on them after ordering 5 Raid Edition (i.e expensive, over $1k order) hardrives from them only to receive them with basically no packing materials.. drives laying right in a cardboard box... oem drives, so not like they were at least in retail packaging...

Fuck that shit.

Amazon is far superior.
 
  • Like
Reactions: PaulP
like this

Cactusj

n00b
Joined
Jun 4, 2018
Messages
60
Order date: 9/8/2018... At least the purchase was with my credit card and not a bank card.
 

sboucher

Gawd
Joined
Oct 7, 2004
Messages
550
Just built myself a new system and got a few things from Newegg myself. Not gonna sweat it. I'll just keep an eye on my statement. Anything funny shows up, and simple call to the credit card company will clear it up.
 

AceGoober

Live! Laug[H]! Overclock!
Joined
Jun 25, 2003
Messages
24,240
Crap...gotta inform a bunch of people of this. Thanks for the heads-up.
 

wiploc

Limp Gawd
Joined
Jan 28, 2005
Messages
198
Just got an email:


Yesterday, we learned one of our servers had been injected with malware which may have allowed some of your information to be acquired or accessed by a third party. The malware was quite sophisticated and we are conducting extensive research to determine exactly what information may have been acquired or accessed and how many customers may have been impacted. We will keep you up to date with our progress and work to ensure this doesn't happen again. The malware is no longer on our site and we will be doing our best to bring the culprits to justice.

We have not yet determined which customer accounts may have been affected, but out of an abundance of caution we are alerting those accounts at risk as soon as possible so that they can keep an eye on their accounts for any suspicious activity. We hope by alerting you quickly to help prevent any misuse of information that may have been acquired or accessed.

By Friday, we will publish an FAQ that will answer common questions we get; we will send you a link as soon as it goes live. We will also publish the link on our social media platforms. We want to make sure you are completely informed.

We are very sorry circumstances have warranted this message. We are working diligently to address this issue and will provide additional information to you shortly.

Sincerely,
Danny Lee, CEO Newegg


So annoying. Luckily as with others it was a credit card and not a bank card, however I also use that card for some auto-pay stuff so that's always a pain in the butt to switch.
 

modi123

Supreme [H]ardness
Joined
Sep 6, 2006
Messages
6,621
Ugh.. fifteen lines of jquery to an AJAX call and this happens? Ugly.. ugly..UGLY!
 

mkrohn

2[H]4U
Joined
Apr 30, 2012
Messages
2,345
Lately?!

I gave up on them in 2013...
RMA's with them used to be great. My last one instead of replacing the product I bought on sale they refunded me hoping I'd buy something much more expensive. Hopefully finding something to buy from a person here instead.
 

Zarathustra[H]

Extremely [H]
Joined
Oct 29, 2000
Messages
34,523
Hmm. I did order from Newegg during this period, but I used PayPal. I'm guessing PayPal is not affected as it needs authentication every time, but who knows...
 
Top