The infamous criminal collective known as Magecart has successfully infiltrated the Newegg site and stolen the payment card details stored by the company’s customers. This is a critical breach of the online merchant’s systems, as the criminals were able to obtain a very large database of sensitive content. This is yet another infiltration by this hacker group, which shows that its members are capable of getting into many major online services and companies.
Magecart Hackers Hacked Newegg & Acquired Customer Payment Card Data
The Magecart hackers have made another major hit, this time infiltrating the secure servers belonging to Newegg. The information known so far is that this affects all data entered in the period from August 14 to September 18 this year. The card details were stolen using a technique called a digital skimmer: the hackers embedded JavaScript code into the checkout page of the service. This means that every time customers enter their payment card details, those details are sent to a remote server operated by the criminals. This is done with only a few lines of JavaScript code.
The exact attack mechanism that allowed the intrusion is the creation of a similar-sounding domain called neweggstats, which appears to have been created back in 2015. The hackers were able to acquire an SSL certificate issued by a legitimate provider. Having infiltrated the Newegg servers, and specifically the checkout page used by the payment processor, the hackers ensured that the hacker-controlled page is the one that acquires the information.
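A defender-side check for the pattern described above, as an added example that is not from the original article or from Newegg: it audits checkout-page markup for hosts outside an allowlist and flags brand lookalikes. The allowlist, the function names, the sample HTML and the `neweggstats.example` host are assumptions constructed for illustration (the article gives the domain name without a TLD).

```javascript
// Added example: flag hosts referenced by a checkout page that are not allowlisted.
// ALLOWED_HOSTS is an assumed allowlist; a real one comes from the site's own inventory.
const ALLOWED_HOSTS = new Set(["www.newegg.com", "secure.newegg.com"]);
const BRAND = "newegg";

// Collect every absolute http(s) host in the markup, inline script bodies included.
function extractHosts(html) {
  const hosts = new Set();
  const urlRe = /https?:\/\/[^\s"'<>)\\]+/gi;
  for (const m of html.matchAll(urlRe)) {
    try { hosts.add(new URL(m[0]).hostname.toLowerCase()); } catch (_) { /* skip malformed URL */ }
  }
  return hosts;
}

// True when host is the first-party domain itself or one of its subdomains.
function isFirstParty(host, domain) {
  return host === domain || host.endsWith("." + domain);
}

// Returns findings sorted by host: "lookalike-domain" when the host contains the
// brand string but is not under the first-party domain, else "not-allowlisted".
function auditCheckoutPage(html, firstPartyDomain = "newegg.com") {
  const findings = [];
  for (const host of extractHosts(html)) {
    if (ALLOWED_HOSTS.has(host)) continue;
    const lookalike = host.includes(BRAND) && !isFirstParty(host, firstPartyDomain);
    findings.push({ host, reason: lookalike ? "lookalike-domain" : "not-allowlisted" });
  }
  return findings.sort((a, b) => a.host.localeCompare(b.host));
}

// Constructed sample markup; the .example hosts are placeholders, not real indicators.
const SAMPLE_CHECKOUT_HTML = `
<html><body>
<form id="checkout" action="https://secure.newegg.com/pay" method="post"></form>
<script src="https://www.newegg.com/static/checkout.js"></script>
<script src="https://cdn.thirdparty.example/widget.js"></script>
<script>var endpoint = "https://neweggstats.example/collect";</script>
</body></html>`;

console.log(auditCheckoutPage(SAMPLE_CHECKOUT_HTML));
```

Run against each deployed build of the checkout page, a new finding signals that the page now references a host nobody approved; a valid SSL certificate on that host, as in this incident, does not change the result.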
Both desktop and mobile customers are affected by the breach; however, the number of affected customers is not known. Statistics show that the site has more than 50 million visitors. The fact that the digital skimmer code was available for a significant period of time gives security researchers reasons to believe that millions of customers are potentially affected.
Two years ago a report showed that the same collective was responsible for another major attack focusing on a large number of sites. A similar strategy was used back then, showing that the criminals specialize in this strategy.
Following the incident Newegg posted a Tweet with their comment:
Yesterday we learned one of our servers had been injected with malware which was identified and removed from our site. We’re conducting extensive research to determine exactly what info was obtained and are sending emails to customers potentially impacted. Please check your email
— Newegg (@Newegg) September 19, 2018
We anticipate that the Magecart hackers will continue with their attacks. The worrisome fact is that there is no information available about the exact way they were able to breach the secure servers.