Technology fans hail Newegg as the ultimate online electronics retailer — but after a recent security breach, customers might be paying more than they thought. Newegg is one of a few companies to be hit by a bit of malicious code from hacking group Magecart, according to security firm RiskIQ. Shoppers who purchased from the online retailer might find their data compromised.
According to the report, Magecart gained access to Newegg’s payment system and installed malicious code there to intercept confidential customer data. Whether you shopped from a desktop or mobile browser or used Newegg’s iOS or Android apps, your credit card information may have been pinched.
RiskIQ notes that the malicious software infected Newegg’s systems and had been running since August 14; it was removed over a month later, on September 18. If you purchased from the electronics retailer between those dates, it is essential to keep an eye on your credit cards for any fraudulent activity. Newegg has sent a notice to their customers, but it is unclear exactly how many individuals were affected by the malicious attack.
Yesterday we learned one of our servers had been injected with malware which was identified and removed from our site. We’re conducting extensive research to determine exactly what info was obtained and are sending emails to customers potentially impacted. Please check your email
— Newegg (@Newegg) September 19, 2018
Newegg’s email response to customers noted that their systems were indeed “injected with malware,” and that the company is currently investigating the incident. The company notes that the email was sent to users whose accounts they felt were “at risk” — most likely those who made purchases between the dates noted above. Newegg has announced that it will publish an FAQ by Friday that addresses concerns and questions customers may have about the incident.
Security experts at Volexity have investigated the Magecart attack, showing that it was carried out by injecting malicious JavaScript into the source code of the retailer’s website. ClearSky notes that access to such systems is typically gained by exploiting vulnerabilities in various web hosting platforms.
Newegg isn’t the only company to find itself targeted by the notorious hacking group. Earlier this year, Magecart was behind the hacking of both British Airways’ and Ticketmaster’s systems to steal customer credit data. In the first case, the British Airways incident reportedly affected over 380,000 card transactions.