The online retailer sees about 50 million monthly visitors and has a business valued at USD 2.65 billion, according to The Verge. The breach was uncovered by threat management company RiskIQ and Volexity, a cybersecurity company.
Apparently, hackers injected 15 lines of code into Newegg’s payments webpage that’s accessible through mobile and desktop, and it stayed on the page from August 14th to September 18th. The script, placed on the final checkout page, would skim credit card info. Credit card data was then sent to a server of a similar domain name and an HTTPS certificate that was actually controlled by the hackers.
According to RiskIQ experts, the attack follows a similar pattern with Ticketmaster UK and British Airways incidents, and the group behind all three data breaches is Magecart.
Newegg sent out emails to customers who made purchases during the one-month time period. Moreover, users who made purchases during the past month are advised to keep an eye on their bank accounts for suspicious activity.
The Paypers is the Netherlands-based leading independent source of news and intelligence for professional in the global payment community.
The Paypers provides a wide range of news and analysis products aimed at keeping the ecommerce, fintech, and payment professionals informed about the latest developments in the industry.
Current themes
No part of this site can be reproduced without explicit permission of The Paypers (v2.7).
Privacy Policy / Cookie Statement
Copyright