The skimmer, injected into the store’s payment page, harvested credit-card details from the store’s customers for more than a month

The major electronics and computer hardware retailer has announced that attackers have its online payments , potentially scooping up buyers’ credit-card over a period of more than a month.

“Yesterday we learned one of our servers had been injected with malware which was identified and removed from our site,” the company said in a statement on Twitter.

According to reports by threat management outfits RiskIQ and Volexity, which jointly uncovered the , the data exfiltration lasted from around August 14 to September 18. The attack relied on malicious JavaScript code that was injected into the store’s payment-processing page, where customers input their credit card details.

The malicious script, which worked on both the website’s desktop and mobile version, would then forward the data to a server with a (no longer active) domain. The domain, neweggstats.com, was designed to blend in with the legitimate newegg.com website, having been set up for that purpose – and with a valid HTTPS certificate at that – on August 13.

The attack has been attributed to a threat collective known as Magecart, which, according to RiskIQ, is also to blame for the recent breach at British Airways, as well as for the breach at Ticketmaster’s UK site.

The script, which only contains 15 lines, has been removed after RiskIQ and Volexity alerted Newegg to the compromise. While customized to steal data from the Newegg website, the script is similar to the one leveraged in the British Airways compromise, said Volexity.

It’s unclear at this point how many people have been . Newegg.com is the 164th most popular website in the US, according to Alexa, and it receives some 50 million visitors per month. Anybody who made a purchase on the website between August 14 and September 18 should keep their eyes peeled for any suspicious activity on their bank accounts.








Source link

LEAVE A REPLY

Please enter your comment!
Please enter your name here