Technology, Top News

Hackers crack Newegg’s shell and pilfer customer credit card data

HARDWARE FLOGGER Newegg was found to have suffered a data breach that exposed its customers’ credit card information to hackers for a month.

The data exposure was found by cyber security firm Volexity and threat sniffer RiskIQ, which explained that hackers had got into the payments page of Newegg’s website by injecting 15 lines of JavaScript malicious code into it.

The code lurked on the site from 14 August to 18 September, with malicious script placed on the checkout page of the retail site which was found to skim users’ credit card info.

That data was then sent to a hacker-controlled server that used a similar domain name and HTTPS certificate to the Newegg site.

This data breach attack is being attributed to the same hackers who swiped the data of British Airways customers after using a similar skimming code in the airline’s payment pages.

“The JavaScript leveraged in this attack is very similar to that observed from the British Airways compromise. The code in this case is customised to work with the Newegg website and send data to a different domain the attackers created in an attempt to blend in with the website,” explained Volexity.

“While the functionality of the script is nearly identical, it is worth noting that the attackers have managed to minimise the size of the script even more, from 22 lines of code in the British Airways attack to a mere eight lines for Newegg, 15 if the code is beautified.”

And the blame for both data breaches is being laid at the doorstep of hacker group Magecart, at least it is by RiskIQ,

“The skimmer code is recognizable from the British Airways incident, with the same basecode. All the attackers changed is the name of the form it needs to serialize to obtain payment information and the server to send it to, this time themed with Newegg instead of British Airways,” the company said.

Volexity agrees but also shed light on concerns on how JavaScript was being used to facilitate such data breaches.

“While Magecart may be a major threat which eCommerce companies need to protect against, the larger issue is the increasing use of JavaScript-based Data Theft Frameworks.  MageCart, as well as other criminal tools such as JS Sniffer, show how a few simple lines of JavaScript on a compromised eCommerce site can lead to a devastating amount of information being stolen. With minimal setup or knowledge required, these attacks will surely increase as time goes on,” the cyber security company said.

There’s no word on how many people the Newegg attack affected, but the company is alerting its customers, and given this was a deliberate rather than accidental data breach there’s a good change swiped credit card details could be used for fraud activity or sold on the dark web.

As such, Newegg customers would do well to keep an eye on their bank and credit card accounts to spot any dodgy activity before some hacker runs off with their hard-earned cash. µ

Further reading

Source : Inquirer

Previous ArticleNext Article
Founder and Editor-in-Chief of 'Professional Hackers India'. Technology Evangelist, Security Analyst, Cyber Security Expert, PHP Developer and Part time hacker.

Send this to a friend