Malicious steel credit card information customers Newegg




Online retailer Newegg has informed customers of a data leak. For a month there was malicious code on the checkout page of the web shop, causing malicious people to lock out credit card data.

The malicious or malicious parties have succeeded in injecting fifteen lines of Javascript code on the url, where customers arrive at the moment they are going to pay. The code forwards credit card data to a server on, states security company RiskIQ , where Dutch security researcher Yonathan Klijnsma investigated the data breach.

The malicious code on the Newegg page is of the type Magecart, which previously appeared at Ticketmaster and British Airways . It is unknown if the same group is behind it, although it is obvious. The code is similar to each other and has been on the site for a month. To access the page, the skimmer group must probably have had access to the Newegg backend. How that happened is unknown.

Newegg has informed customers, reports Klijnsma . The company says in the statement that it will publish a faq on Friday. At this moment the company does not yet know which customers have been affected. It is also unknown whether there are victims in the Benelux. That is possible, because customers from the Netherlands and Belgium also end up at the checkout on the mentioned url.

Malicious code on Newegg site
The malicious code on the Newegg site


In: A Technology & Gadgets Asked By: [23616 Red Star Level]

Answer this Question

You must be Logged In to post an Answer.

Not a member yet? Sign Up Now »