The infamous cyber gang Magecart seems unstoppable. The gang has been around for quite a few years, but this year it has returned with considerable resilience. Magecart made it into the news after the British Airways data breach. Since then, it has kept making headlines with back-to-back cyber attacks on various firms. Recently, two cybersecurity firms found the same gang to be responsible for the NewEgg data breach, which exposed customers’ credit card data.
NewEgg Data Breach Exposed Customers’ Credit Card Data
Recently, two cybersecurity firms, Volexity and RiskIQ, reported the same hacking incident involving Magecart. Both firms discovered the NewEgg data breach, which they allegedly linked to the same cyber gang that has been troubling many other companies.
With regard to the mode of attack, the researchers found that the hackers first registered a similar-looking domain on Namecheap about a month ago. They intended to integrate this domain into the legitimate NewEgg website to steal customers’ details. According to RiskIQ,
“On August 13th Magecart operators registered a domain called neweggstats.com with the intent of blending in with Newegg’s primary domain, newegg.com. Registered through Namecheap, the malicious domain initially pointed to a standard parking host. However, the actors changed it to 188.8.131.52 a day later, a Magecart drop server where their skimmer backend runs to receive skimmed credit card information.”
The tactics employed in this attack appear similar to what the hackers did in the ABS-CBN breach, that is, targeting the checkout process. According to Volexity,
However, the code appeared more sophisticated than the one used in the British Airways data breach.
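The lookalike-domain pattern described above can be checked for on the defender's side. The following is an added example, not code from RiskIQ, Volexity or the original article: it lists every third-party domain referenced by a checkout page and flags those whose name resembles the site's own. The sample markup, the `/collect` path, the `example-analytics.test` host and all function names are constructed for illustration; only the two NewEgg-related domain names come from the article.

```python
import re
from urllib.parse import urlparse

# Constructed checkout-page sample (assumption: not the real page or skimmer).
SAMPLE_CHECKOUT_HTML = """
<script src="https://www.newegg.com/js/checkout.js"></script>
<script src="https://cdn.example-analytics.test/tag.js"></script>
<script>
  var endpoint = "https://neweggstats.com/collect";
</script>
"""

# Matches absolute URLs in attributes and in inline script text.
URL_RE = re.compile(r"""https?://[^\s"'<>)]+""")

def registrable(host):
    """Naive registrable domain: last two labels (assumes no multi-part TLD)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def edit_distance(a, b):
    """Levenshtein distance, used to catch typo-style lookalikes."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def audit_page(html, own_domains, max_distance=2):
    """Return {domain: verdict} for each external domain referenced in html."""
    brands = {d.split(".")[0] for d in own_domains}
    findings = {}
    for url in URL_RE.findall(html):
        host = urlparse(url).hostname
        if not host:
            continue
        dom = registrable(host)
        if dom in own_domains:
            continue  # first-party resource
        label = dom.split(".")[0]
        # Lookalike: brand name embedded in the label, or within a few edits of it.
        lookalike = any(b in label or edit_distance(b, label) <= max_distance
                        for b in brands)
        findings[dom] = "lookalike" if lookalike else "third-party"
    return findings

if __name__ == "__main__":
    for dom, verdict in audit_page(SAMPLE_CHECKOUT_HTML, {"newegg.com"}).items():
        print(f"{verdict:12} {dom}")
```

A "lookalike" verdict on a payment page is a prompt for review, since the domain is neither first-party nor an obviously unrelated vendor.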
Breach Possibly Affected Millions Of NewEgg Customers
As reported by Volexity, the malicious code was running on the website for over a month (since August 16, 2018). It was eventually removed on September 18, 2018.
The hackers may have affected millions of NewEgg customers during this one-month period. As checked by LHN via CuteStat.com, the NewEgg website receives 1,630,535 unique visitors daily. This equates to around 50 million customers in a month. So, we can expect that the hackers would have pilfered a large amount of user data from this site. The count is particularly worrying given the amount of explicit personal and financial detail available during the attack period.