Latest in Gear

Image credit:

Newegg fell victim to month-long card skimming hack

The culprits used the same tools as in major UK attacks.
Jon Fingas, @jonfingas
September 19, 2018
Share
Tweet
Share

Sponsored Links

Reuters/Mario Anzuoni

It's not just British companies succumbing to large-scale payment data breaches in recent weeks. RiskIQ and Volexity have discovered that hackers inserted Magecart card skimming code into Newegg's payment page between August 14th and September 18th, intercepting credit card data and sending it to a server with a similar-looking domain.

Newegg has since removed the code, but it's not certain how many people have been affected. We've asked the company for comment. In an email to customers, it said it had "not yet determined" which accounts had been compromised but was warning potentially affected users to watch their card activity. It promised an FAQ on the breach by September 21st.

It's not certain who's responsible, as the intruders went to pains to hide their identities (such as registering a domain with private details).

The attack could have far-reaching repercussions. The technology-focused shop is one of the largest online retailers in the US, with more than 45 million visitors every month. Even if only a fraction of those visitors make purchases, that's a large number of people whose cards might be in thieves' hands. The incident also suggests that Magecart is quickly becoming the weapon of choice for internet criminals who want to scoop up card data with relatively little effort.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
Tweet
Share

Popular on Engadget

Microsoft Teams will add breakout rooms and automated meeting recaps

Microsoft Teams will add breakout rooms and automated meeting recaps

View
Tesla's 1,100HP 'Plaid' Model S sport sedan will arrive in late 2021

Tesla's 1,100HP 'Plaid' Model S sport sedan will arrive in late 2021

View
179 arrested in 'Operation DisrupTor' dark web drug takedown

179 arrested in 'Operation DisrupTor' dark web drug takedown

View
Amazon says it has nothing to do with the Echelon 'Prime Bike'

Amazon says it has nothing to do with the Echelon 'Prime Bike'

View
Tesla lays out 'Battery Day' plans that lead to a $25,000 electric car

Tesla lays out 'Battery Day' plans that lead to a $25,000 electric car

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr