Newegg Faces Data Breach Amid Magecart Attacks
In a significant cybersecurity incident, the infamous Magecart hacking group has breached the website of Newegg, a leading U.S.-based retailer specializing in computer hardware and consumer electronics. The attack, which occurred between August 14 and September 18, 2018, allowed hackers to extract credit card information from customers who processed payments during this period, as reported by cybersecurity firms Volexity and RiskIQ.
The Magecart group is known for its previous attacks on major entities, including Ticketmaster and British Airways. Using a digital credit card skimmer, the attackers embedded malicious JavaScript code within Newegg’s checkout page. This code intercepted sensitive payment data entered by customers and transmitted it to a remotely controlled server. By the time customers hit the submit button, their card details were already compromised. The skimmer did not disrupt the checkout process, so transactions continued to complete seamlessly.
The incident sheds light on how the attackers managed to operate effectively: they registered a domain closely resembling Newegg’s official website, neweggstats(dot)com, and obtained an SSL certificate for it. This allowed them to disguise their activity. They inserted the skimmer into the website’s payment processing page, where it was activated only when a customer initiated a genuine transaction.
The ramifications of this breach could be extensive. Newegg attracts over 50 million visitors monthly, so even a small fraction of these users entering their credit card information would amount to a large number of affected customers. The one-month duration of the malicious code’s presence suggests that millions of customers may have had their financial data compromised.
Researchers at RiskIQ noted that the skimmer code in the Newegg incident is strikingly similar to that used in the British Airways breach, with little more than the form names and server destinations altered. This suggests a systematic approach by Magecart, which has displayed remarkable efficiency in exploiting vulnerabilities with minimal effort.
Business owners in the e-commerce sector should take this breach as a critical reminder of the ongoing threats faced in the digital landscape. Strategies such as implementing robust web application firewalls, frequent code audits, and user education about secure online practices can aid in mitigating the risks associated with such attacks.
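As an illustration of the code audits mentioned above, the following added example (not code from Newegg, Volexity or RiskIQ) scans checkout-page source for hosts outside an allowlist and flags those that embed the brand name, the pattern neweggstats(dot)com followed. The allowlist, the sample markup and every path in it are constructed assumptions.

```javascript
// Added example: static audit of page/script source for unexpected hosts.
// ALLOWED_DOMAINS and SAMPLE are constructed; adapt them to your own site.
const BRAND = "newegg";
const ALLOWED_DOMAINS = ["newegg.com", "example-cdn.test"];

// Collect every host referenced by an absolute or protocol-relative URL.
function extractHosts(source) {
  const hosts = new Set();
  const re = /(?:https?:)?\/\/([a-z0-9.-]+\.[a-z]{2,})/gi;
  for (const m of source.matchAll(re)) hosts.add(m[1].toLowerCase());
  return [...hosts];
}

// Exact match or true subdomain only: a plain suffix test would wrongly
// accept "notnewegg.com", so the leading dot is required.
function isAllowed(host, allowed) {
  return allowed.some((d) => host === d || host.endsWith("." + d));
}

// "lookalike": not on the allowlist but contains the brand string.
// "unknown": any other host that nobody approved for this page.
function classifyHost(host, allowed, brand) {
  if (isAllowed(host, allowed)) return "allowed";
  return host.includes(brand) ? "lookalike" : "unknown";
}

// Return only the hosts that need review, in order of first appearance.
function auditSource(source, allowed, brand) {
  return extractHosts(source)
    .map((host) => ({ host, verdict: classifyHost(host, allowed, brand) }))
    .filter((r) => r.verdict !== "allowed");
}

// Constructed sample markup; the paths are invented for the demonstration.
const SAMPLE = `
<script src="https://secure.newegg.com/js/checkout.js"></script>
<script src="//static.example-cdn.test/lib.js"></script>
<script>var endpoint = "https://neweggstats.com/constructed/path";</script>
<script src="https://newegg.com.widgets.test/a.js"></script>
<script src="https://metrics.thirdparty.test/t.js"></script>
`;

for (const f of auditSource(SAMPLE, ALLOWED_DOMAINS, BRAND)) {
  console.log(`${f.verdict.toUpperCase()}: ${f.host}`);
}
```

A static scan like this misses hosts that a script assembles at runtime, so it complements rather than replaces a Content-Security-Policy that restricts script sources and outbound connections on payment pages.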
For those who processed payments on Newegg’s website during the specified timeframe, immediate action is advisable. Customers should contact their banking institutions without delay to block their cards and request replacements.
The Newegg breach exemplifies the evolving tactics of cybercriminals, which can be described in terms of the MITRE ATT&CK framework. Initial access techniques likely included phishing or domain spoofing, while the persistence of the attack can be attributed to the skimmer code’s stealthy insertion. Given the ease with which these incidents can occur, vigilance and proactive security measures remain paramount in safeguarding sensitive customer data against future breaches.