Skip to main content

Newegg was cracked, customer data has leaked, and security is clearly scrambled

Credit Cards in Wallet
Chris Potter/Flickr

Technology fans hail Newegg as the ultimate online electronics retailer — but after a recent security breach, customers might be paying more than they thought. Newegg is one of a few companies to be hit by a bit of malicious code from hacking group Magecart, according to security firm RISKIQ. Shoppers who purchased from the online retailer might find their data compromised.

According to the report, Magecart was able to gain access to Newegg’s payment system; there, they installed malicious code into the company’s payment system to intercept confidential customer data. Whether shopping from a desktop or mobile browser or using Newegg’s iOS or Android apps, it is possible your credit card information may have been pinched.

Recommended Videos

RiskIQ notes that the malicious software infected Newegg’s systems and had been running since August 14; it was removed over a month later, on September 18. If you purchased from the electronics retailer between those dates, it is essential to keep an eye on your credit cards for any fraudulent activity. Newegg has sent a notice to their customers, but it is unclear exactly how many individuals were affected by the malicious attack.

Yesterday we learned one of our servers had been injected with malware which was identified and removed from our site. We’re conducting extensive research to determine exactly what info was obtained and are sending emails to customers potentially impacted. Please check your email

— Newegg (@Newegg) September 19, 2018

Newegg’s email response to customers noted that their systems were indeed “injected with malware,” and that the company is currently investigating the incident. The company notes that the email was sent to users whose accounts they felt were “at risk” — most likely those who made purchases between the dates noted above. Newegg has announced that it will publish an FAQ by Friday that addresses concerns and questions customers may have about the incident.

Security Experts at Volexity have investigated the Magecart attack, showcasing that the process was carried out by injecting malicious javascript into the source code of the retailer’s website. ClearSky notes that access to such systems is typically gained by exploiting vulnerabilities in various web hosting platforms.

Newegg isn’t the only company to find itself targeted by the notorious hacking group. Earlier this year, Magecart was behind hacking both British Airways and Ticketmaster’s systems to steal customer credit data. In the first case, it was reported that the British Airways incident affected over 380,000 card transactions.

Michael Archambault
Former Digital Trends Contributor
Michael Archambault is a technology writer and digital marketer located in Long Island, New York. For the past decade…
Hackers just stole personal data from millions of Acer customers
acer swift 3 13 2019 review acerswift3132019

Acer has just confirmed that its servers were beached by a group of hackers called Desorden. The hackers managed to steal over 60 gigabytes worth of data containing sensitive information about millions of Acer's customers.

The compromised information includes the names, addresses, and phone numbers of several million clients, but also restricted corporate financial data.

Read more
T-Mobile confirms hack, investigates whether customer data was stolen
A T-Mobile store.

T-Mobile has confirmed that its computer systems were accessed without permission and says it's now conducting an investigation to determine the full extent of the hack.

The announcement follows claims on Sunday, August 15, that a hacker was in possession of data belonging to 100 million T-Mobile customers and was trying to sell it via an underground forum.

Read more
T-Mobile investigating claims of massive hack involving customer data
T-Mobile storefront with corporate signage.

T-Mobile says it’s investigating claims of a major data breach that may affect as many as 100 million of its customers.

A message spotted on an underground forum on Sunday, August 15, came from someone claiming to be in possession of personal data belonging to 100 million people. The message made no mention of T-Mobile, but when the poster was contacted by news site Motherboard, it became apparent that the mobile company's customers were at the center of the alleged hack. The figure of 100 million would be remarkable as it's almost equal to T-Mobile's entire customer base.

Read more