Newegg data breach magecart hackers

Magecart Hackers Attack Newegg! Latest Data Breach

Data Breach Alert! The cybercriminals, Magecart Hackers, are at it again! Ticketmaster, British Airways, and now Newegg! 

Magecart Hackers

The infamous hacking group, known as Magecart hackers, invaded Newegg’s website and stole credit card details of people who purchased anything from August 14 to September 18, 2018.

The Hack

Using a digital credit card skimmer as well as entering malicious Javascript code at the checkout page on Newegg’s website, Magecart Hackers were capturing payment information as customers made their purchases.  Payment information was sent to a remote server.

It seems that Magecart Hackers planned this scheme back in 2015.  They registered a domain, almost identical to Newegg’s domain,  The domain was active since 2015, but registered on August 13, a day before the attack began.

A skimmer code was then inserted onto the Newegg’s checkout page.  When the customer completed their shopping on the website and continue to checkout, they enter delivery information, confirm their address, then input payment information.

As soon as the submit button is hit, the skimmer code that was entered in the Javascript immediately forwards this information to the hacker’s domain,, without disrupting the checkout process.

Newegg’s Data Breach

Both mobile and desktop customers were affected by this breach.  It is unknown exactly how many customers were impacted by this breach, but 50 million shoppers consistently visit Newegg each month.  Since the scheme was a little over a month long, it may be assumed that about a million Newegg customers had their information exposed.

As mentioned before, this wasn’t Magecart’s first devious act. These hackers are responsible for the British Airways website, compromising sensitive payment information from 380,000 victims.

“The skimmer code [used in the Newegg breach] is recognizable from the British Airways incident, with the same basecode,” security researchers said. “All the attackers changed is the name of the form it needs to serialize to obtain payment information and the server to send it to, this time themed with Newegg instead of British Airways.”

If you made a purchase on Newegg between August 14 through September 18, you should contact your bank immediately.  They will help you block your current payment card, and replace it with a new one.  Security researchers don’t believe this is the last we will see of Magecart Hackers.

Original Article Found Here.

  • 1