Hackers Steal Credit Cards from Online Retailer’s Own Checkout

Hackers Steal Credit Cards from Online Retailer’s Own Checkout

Attackers injected 15 lines of Javascript code into Newegg.com’s web store, forwarding payment information to their own server.

Popular online tech retailer Newegg scrambled to shut down an attack on their web store this week, after learning hackers had been poaching customer payment data from their own website since August.

Incident response firm Volexity discovered the card skimming malware and reported it to Newegg, who removed the offending code on Tuesday. The attackers, known as “Magecart,” had injected Javascript code into the payment form page. The code watched for a click on the payment button, then submitted the entire form to a remote server, the action disguised as a credit card authentication step in the payment process.

The code worked for both PC and mobile customers, but it is unknown if mobile customers were affected by the breach. In an email to customers, Newegg’s chief executive said the company had not yet determined which customers were at risk.

This comes on the heels of two other attacks, both carried out by Magecart in a very similar fashion. In June, ticket distribution giant Ticketmaster UK faced a hack taking advantage of a customer support chat bot, and then in early September, British Airways reported that customers who made bookings in late August through 5 September had their information compromised.

The code used to skim credit cards was almost identical in all three instances, as reported by a threat researcher at RiskIQ, a cybersecurity firm.

Newegg reassured customers that the breach had been fully shut, and their website was operational once again.

About the Author

Jordan Lutke is an intern with 1105 Media.

Featured

New Products

  • Mobile Safe Shield

    Mobile Safe Shield

    SafeWood Designs, Inc., a manufacturer of patented bullet resistant products, is excited to announce the launch of the Mobile Safe Shield. The Mobile Safe Shield is a moveable bullet resistant shield that provides protection in the event of an assailant and supplies cover in the event of an active shooter. With a heavy-duty steel frame, quality castor wheels, and bullet resistant core, the Mobile Safe Shield is a perfect addition to any guard station, security desks, courthouses, police stations, schools, office spaces and more. The Mobile Safe Shield is incredibly customizable. Bullet resistant materials are available in UL 752 Levels 1 through 8 and include glass, white board, tack board, veneer, and plastic laminate. Flexibility in bullet resistant materials allows for the Mobile Safe Shield to blend more with current interior décor for a seamless design aesthetic. Optional custom paint colors are also available for the steel frame.

  • A8V MIND

    A8V MIND

    Hexagon’s Geosystems presents a portable version of its Accur8vision detection system. A rugged all-in-one solution, the A8V MIND (Mobile Intrusion Detection) is designed to provide flexible protection of critical outdoor infrastructure and objects. Hexagon’s Accur8vision is a volumetric detection system that employs LiDAR technology to safeguard entire areas. Whenever it detects movement in a specified zone, it automatically differentiates a threat from a nonthreat, and immediately notifies security staff if necessary. Person detection is carried out within a radius of 80 meters from this device. Connected remotely via a portable computer device, it enables remote surveillance and does not depend on security staff patrolling the area.

  • AC Nio

    AC Nio

    Aiphone, a leading international manufacturer of intercom, access control, and emergency communication products, has introduced the AC Nio, its access control management software, an important addition to its new line of access control solutions.