Hacked: Newegg suffers month-long card-skimming attack, exposing credit card details


Just 15 lines of code was all it took for hackers to hijack the checkout of online retailer Newegg. The month-long attack took the form of a huge card skimming operation and is believed to have been carried out by the same group that was responsible for hacking both British Airways and Ticketmaster recently -- Magecart.

The hackers inserted card-skimming code into Newegg's payment page, and this script remained in place between August 14 and September 18. It is not known how many people may have been affected by the incident, but with millions of visitors each month, the numbers are potentially huge.

Details of the attack were revealed by security firms Volexity and RiskIQ, who noted that it was nearly identical to the British Airways compromise. RiskIQ says: "The elements of the British Airways attacks were all present in the attack on Newegg: they integrated with the victim’s payment system and blended with the infrastructure, staying there as long as possible".

The attack was quite sophisticated, and details are still emerging. However, it seems that the Magecart hackers were able to inject code into secure.newegg.com which would then collect data and send it off to a separate domain owned and operated by the hackers.

Volexity explains:

Volexity was able to verify the presence of malicious JavaScript code limited to a page on secure.newegg.com presented during the checkout process at Newegg. The malicious code specifically appeared once when moving to the Billing Information page while checking out.  This page, located at the URL https://secure.newegg.com/GlobalShopping/CheckoutStep2.aspx, would collect form data, siphoning it back to the attackers over SSL/TLS via the domain neweggstats.com.

The JavaScript leveraged in this attack is very similar to that observed from the British Airways compromise. The code in this case is customized to work with the Newegg website and send data to a different domain the attackers created in an attempt to blend in with the website.  While the functionality of the script is nearly identical, it is worth noting that the attackers have managed to minimize the size of the script even more, from 22 lines of code in the British Airways attack to a mere 8 lines for Newegg, 15 if the code is beautified.
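A defender-side check for the pattern Volexity describes, added here as an example and not taken from Volexity, RiskIQ or Newegg: it scans a checkout page's scripts for hosts outside an allowlist and marks those that embed the brand name, as neweggstats.com does. The allowlist, the brand string and the sample page are assumptions constructed for the illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

ALLOWED = ("newegg.com",)   # assumption: domains the checkout page may load from or post to
BRAND = "newegg"            # assumption: brand string a look-alike domain would embed
URL_RE = re.compile(r"""https?://[^\s'"<>)\\]+""", re.I)

class ScriptCollector(HTMLParser):
    """Collects <script src=...> values and the text of inline <script> blocks."""
    def __init__(self):
        super().__init__()
        self.in_script, self.sources, self.inline = False, [], []
    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.in_script = True
            src = dict(attrs).get("src")
            if src:
                self.sources.append(src)
    def handle_endtag(self, tag):
        if tag == "script":
            self.in_script = False
    def handle_data(self, data):
        if self.in_script:
            self.inline.append(data)

def allowed(host):
    # Exact match or true subdomain only, so "neweggstats.com" does not pass as "newegg.com".
    return any(host == d or host.endswith("." + d) for d in ALLOWED)

def audit(html):
    """Return {host: verdict} for each off-allowlist host referenced by a script."""
    collector = ScriptCollector()
    collector.feed(html)
    urls = collector.sources + [u for body in collector.inline for u in URL_RE.findall(body)]
    findings = {}
    for url in urls:
        host = (urlsplit(url).hostname or "").lower()   # relative paths have no host
        if host and not allowed(host):
            findings[host] = "lookalike" if BRAND in host else "unknown"
    return findings

# Constructed sample page; the inline script is a stand-in string, not the real skimmer.
SAMPLE = """<html><body>
<script src="/js/checkout.js"></script>
<script src="https://secure.newegg.com/app.js"></script>
<script src="https://cdn.example.net/widget.js"></script>
<script>var endpoint = "https://neweggstats.com/";</script>
</body></html>"""

if __name__ == "__main__":
    for host, verdict in audit(SAMPLE).items():
        print(host, verdict)
```

A static scan like this misses URLs assembled at runtime, so it complements a Content-Security-Policy that restricts where the page may send data rather than replacing it.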

That the compromise went undetected greatly increases the number of potential victims, but Newegg has not yet released any information about the number of customers that may have been affected. An investigation is underway at the moment, and the company says that it will release more details in a FAQ by Friday.

Image credit: Sharaf Maksumov / Shutterstock
