There's no shortage of stories about the many ways companies can accidentally leave their customers' private data exposed on the internet, and that can be a scary thought. But it can be even worse when outside attackers deliberately infiltrate such companies' websites to steal sensitive information, which is apparently what happened to online retailer Newegg over the past month.
A report by security researchers from RiskIQ, who worked together with cybersecurity firm Volexity, says that a hacking group known as Magecart recently targeted the company's customers with a cleverly designed attack. The group registered the neweggstats.com domain, which looks fairly legitimate at first sight, especially since the domain carried a certificate issued by COMODO. The attackers then set the domain up to skim the credit card information of customers and placed the skimmer on the payment page of the checkout process, which affected both mobile and desktop devices.
The relatively official-looking domain name, as well as the way the skimmer was blended into the checkout process, meant that the majority of people probably wouldn't have had any idea what was going on. Unfortunately, it would appear that Newegg itself took some time to notice it as well. According to the report, the malicious code first became active on August 14, and it was only finally removed from the website on September 18 (yesterday). Newegg is estimated to get about 50 million visitors per month, and while it's unlikely that every visit turns into a transaction, the scale of the attack may have been quite significant.
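As an added illustration of the defender's side (example code written for this page, not from the RiskIQ/Volexity report or from Newegg), the following Python audits the scripts on a checkout page against an allowlist of expected hosts and separately flags any host that embeds the brand name without belonging to the brand's own domain, which is the lookalike pattern the neweggstats.com domain relied on. The allowlist and the sample page are assumed and constructed, not Newegg's real markup.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

BRAND = "newegg"
# Hosts the checkout page is expected to reference (assumed allowlist, not Newegg's real one)
ALLOWED_HOSTS = {"www.newegg.com", "secure.newegg.com"}
URL_RE = re.compile(r"https?://[A-Za-z0-9.-]+")

class ScriptCollector(HTMLParser):
    """Collects external <script src> URLs and the bodies of inline scripts."""
    def __init__(self):
        super().__init__()
        self.external, self.inline, self._in_script = [], [], False
    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        src = dict(attrs).get("src")
        if src:
            self.external.append(src)
        else:
            self._in_script = True
    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False
    def handle_data(self, data):
        if self._in_script:
            self.inline.append(data)

def is_lookalike(host):
    # Brand name embedded in a host that is neither the brand's domain nor a subdomain of it
    return BRAND in host and host != f"{BRAND}.com" and not host.endswith(f".{BRAND}.com")

def audit_checkout(html):
    """Return (host, verdict) for each script-referenced host that is not on the allowlist."""
    parser = ScriptCollector()
    parser.feed(html)
    hosts = {urlparse(src).hostname for src in parser.external}
    for body in parser.inline:
        hosts.update(urlparse(url).hostname for url in URL_RE.findall(body))
    return [(h, "lookalike" if is_lookalike(h) else "unknown")
            for h in sorted(h for h in hosts if h) if h not in ALLOWED_HOSTS]

# Constructed sample checkout page, not Newegg's real markup
SAMPLE_PAGE = """<html><body>
<script src="https://www.newegg.com/js/checkout.js"></script>
<script src="https://neweggstats.com/stats.js"></script>
<script>var cdn = "https://cdn.example.net/lib.js";</script>
</body></html>"""
```

Run periodically against the live checkout page (or over CSP violation reports) and treat any "lookalike" verdict as an incident, since the report shows such hosts can sit unnoticed on a payment page for weeks.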
This apparently isn't the first major attack carried out by Magecart. Just last week, the same security research firm posted information about a similar strategy being used to target British Airways customers, and the code used in the two attacks is very similar.
Newegg hasn't commented on the report yet, but customers who made purchases during the affected period will probably want to take any measures necessary to secure their payment information.