Chris Potter/Flickr
Technology fans have hailed Newegg as the ultimate online electronics retailer, but with a recent security breach, customers might be paying more than they thought. A report from the security firm RISKIQ reported that Newegg is one of a few companies to be hit by a bit of malicious code from the hacking group Magecart. Shoppers who purchased from the online retailer might find their data compromised.
According to the report, Magecart was able to gain access to Newegg’s payment system; there, they installed malicious code into the company’s payment system to intercept confidential customer data. Whether shopping from a desktop or mobile browser or using Newegg’s iOS or Android apps, it is possible your credit card information may have been pinched.
RiskIQ notes that the malicious software infected Newegg’s systems and had been running since August 14; it was removed over a month later, on September 18. If you purchased from the electronics retailer between those dates, it is essential to keep an eye on your credit cards for any fraudulent activity. Newegg has sent a notice to their customers, but it is unclear exactly how many individuals were affected by the malicious attack.
Newegg’s email response to customers noted that their systems were indeed “injected with malware,” and that the company is currently investigating the incident. The company notes that the email was sent to users whose accounts they felt were “at risk” — most likely those who made purchases between the dates noted above. Newegg has announced that it will publish an FAQ by Friday that addresses concerns and questions customers may have about the incident.
Security Experts at Volexity have investigated the Magecart attack, showcasing that the process was carried out by injecting malicious javascript into the source code of the retailer’s website. ClearSky notes that access to such systems is typically gained by exploiting vulnerabilities in various web hosting platforms.
Newegg isn’t the only company to find itself targeted by the notorious hacking group. Earlier this year, Magecart was behind hacking both British Airways and Ticketmaster’s systems to steal customer credit data. In the first case, it was reported that the British Airways incident affected over 380,000 card transactions.
Editors’ Recommendations
- Dixons Carphone hack exposes 5.9 million cards, 10 million accounts
- Millions of health records may be at stake in ransomware attack
- Netgear router bug let hackers steal classified documents on drones, tanks
- British Airways data hack hits 380,000 recent customers
- PayPal no longer the only payment system for eBay – Apple Pay is coming soon