Newegg has since removed the code, but it's not certain how many people have been affected. We've asked the company for comment. In an email to customers, it said it had "not yet determined" which accounts had been compromised but was warning potentially affected users to watch their card activity. It promised an FAQ on the breach by September 21st.
It's not certain who's responsible, as the intruders went to pains to hide their identities (such as registering a domain with private details).
The attack could have far-reaching repercussions. The technology-focused shop is one of the largest online retailers in the US, with more than 45 million visitors every month. Even if only a fraction of those visitors make purchases, that's a large number of people whose cards might be in thieves' hands. The incident also suggests that Magecart is quickly becoming the weapon of choice for internet criminals who want to scoop up card data with relatively little effort.