The online retailer sees about 50 million monthly visitors and has a business valued at USD 2.65 billion, according to The Verge. The breach was uncovered by threat management company RiskIQ and Volexity, a cybersecurity company.
Apparently, hackers injected 15 lines of code into Newegg’s payments webpage that’s accessible through mobile and desktop, and it stayed on the page from August 14th to September 18th. The script, placed on the final checkout page, would skim credit card info. Credit card data was then sent to a server of a similar domain name and an HTTPS certificate that was actually controlled by the hackers.
According to RiskIQ experts, the attack follows a similar pattern with Ticketmaster UK and British Airways incidents, and the group behind all three data breaches is Magecart.
Newegg sent out emails to customers who made purchases during the one-month time period. Moreover, users who made purchases during the past month are advised to keep an eye on their bank accounts for suspicious activity.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now