Malicious steel credit card information customers Newegg

Sep

19

2018

Online retailer Newegg has informed customers of a data leak. For a month there was malicious code on the checkout page of the web shop, causing malicious people to lock out credit card data.

The malicious or malicious parties have succeeded in injecting fifteen lines of Javascript code on the https://secure.newegg.com/GlobalShopping/CheckoutStep2.aspx url, where customers arrive at the moment they are going to pay. The code forwards credit card data to a server on Neweggstats.com, states security company RiskIQ , where Dutch security researcher Yonathan Klijnsma investigated the data breach.

The malicious code on the Newegg page is of the type Magecart, which previously appeared at Ticketmaster and British Airways . It is unknown if the same group is behind it, although it is obvious. The code is similar to each other and has been on the site for a month. To access the page, the skimmer group must probably have had access to the Newegg backend. How that happened is unknown.

Newegg has informed customers, reports Klijnsma . The company says in the statement that it will publish a faq on Friday. At this moment the company does not yet know which customers have been affected. It is also unknown whether there are victims in the Benelux. That is possible, because customers from the Netherlands and Belgium also end up at the checkout on the mentioned url.

Malicious code on Newegg site
The malicious code on the Newegg site

Viewing:-44

In: A Technology & Gadgets Asked By: [20267 Red Star Level]

Answer this Question

You must be Logged In to post an Answer.

Not a member yet? Sign Up Now »


Star Points Scale

Earn points for Asking and Answering Questions!

Grey Sta Levelr [1 - 25 Grey Star Level]
Green Star Level [26 - 50 Green Star Level]
Blue Star Level [51 - 500 Blue Star Level]
Orange Star Level [501 - 5000 Orange Star Level]
Red Star Level [5001 - 25000 Red Star Level]
Black Star Level [25001+ Black Star Level]