MageCart Hacked Customers’ In NewEgg Credit Card Data Breach

The infamous cyber gang Magecart seems unstoppable. The gang has been around for quite a few years. However, this year, they came back with a lot of resilience. Magecart made it into the news after the British Airways data breach. From then on, it has alerted the news world with back to back cyber attacks on various firms. Recently, two cybersecurity firms discovered the same gang responsible for the NewEgg data breach which exposed customers’ credit card data.

NewEgg Data Breach Exposed Customers’ Credit Card Data

Recently, two cybersecurity firms Volexity and RiskIQ alerted to the same hacking incident relating to Magecart. Both firms discovered the NewEgg data breach that allegedly linked the same cyber gang that has been troubling many other companies.

With regard to the mode of attack, the researchers found that the hackers first registered a similar domain on Namecheap about a month ago. They intended to integrate this domain within the legit NewEgg website to steal customers’ details. According to RiskIQ,

“On August 13th Magecart operators registered a domain called neweggstats.com with the intent of blending in with Newegg’s primary domain, newegg.com.  Registered through Namecheap, the malicious domain initially pointed to a standard parking host. However, the actors changed it to 217.23.4.11 a day later, a Magecart drop server where their skimmer backend runs to receive skimmed credit card information.”

The tactics employed in this attack appears similar to what the hackers did for the ABS-CBN breach. That is, targeting the checkout process. According to Volexity,

“Volexity was able to verify the presence of malicious JavaScript code limited to a page on secure.newegg.com presented during the checkout process at Newegg. The malicious code specifically appeared once when moving to the Billing Information page while checking out.  This page, located at the URL https://secure.newegg.com/GlobalShopping/CheckoutStep2.aspx, would collect form data, siphoning it back to the attackers over SSL/TLS via the domain neweggstats.com.”

However, the code appeared more sophisticated than the one exploited in British Airways data breach.

Breach Possibly Affected Millions Of NewEgg Customers

As reported by Volexity, the malicious code was running on the website for over a month (since August 16, 2018). It was eventually removed on September 18, 2018.

The hackers may have affected millions of NewEgg customers during this one-month period. As checked by LHN via CuteStat.com, the NewEgg website receives 1,630,535 unique visitors daily. This equates to around 50 million customers in a month. So, we can expect that the hackers would have pilfered a large amount of user data from this site. The count is particularly dangerous keeping in mind the amount of explicit personal and financial details available during the attack period.

Related posts

Water Facilities Must Secure Exposed HMIs – Warns CISA

Microsoft December Patch Tuesday Arrived With 70+ Bug Fixes

NachoVPN Attack Risks Corporate VPN Clients