Newegg data breach exposed customer credit card info, says report | Cyber Security
Security researchers RiskIQ said Wednesday that Magecart inserted malicious code into the payments system of the hardware and electronics retailer and made off with charge card data.
The nasty code was running on the Newegg site from Aug. 14 until Sept. 18, according to RiskIQ, which researched the incident with cybersecurity firm Volexity. The attack affected both desktop and mobile customers, according to RiskIQ. It’s unclear how many customers were hit.
Newegg didn’t immediately respond to a request for comment on the RiskIQ report.
The retailer appears to be the latest victim of Magecart, which RiskIQ researchers say is also responsible for recent hacks against British Airways and Ticketmaster.
Earlier this month, British Airways said it was investigating a data breach and the theft of customer info. The company said the breach was resolved but customers’ personal and financial information was exposed if they’d made bookings during the previous couple of weeks. Roughly 380,000 card transactions were reportedly affected.
The Ticketmaster breach happened earlier in June, with personal and credit card info being pilfered.
“These attacks are not confined to certain geolocations or specific industries—any organization that processes payments online is a target,” said Yonathan Klijnsma, a threat researcher at RiskIQ, in an email statement. “The latest breach of Newegg demonstrates the true extent of Magecart operators’ reach.”
Security: Stay up-to-date on the latest in breaches, hacks, fixes and all those cybersecurity issues that keep you up at night.
Taking It to Extremes: Mix insane situations — erupting volcanoes, nuclear meltdowns, 30-foot waves — with everyday tech. Here’s what happens.
First published on Sept. 19, 10:25 a.m. PT.
Updates, 1:13 p.m. PT: Adds Yonathan Klijnsma statement.