Hackers Steal Credit Cards from Online Retailer’s Own Checkout

Hackers Steal Credit Cards from Online Retailer’s Own Checkout

Attackers injected 15 lines of Javascript code into Newegg.com’s web store, forwarding payment information to their own server.

Popular online tech retailer Newegg scrambled to shut down an attack on their web store this week, after learning hackers had been poaching customer payment data from their own website since August.

Incident response firm Volexity discovered the card skimming malware and reported it to Newegg, who removed the offending code on Tuesday. The attackers, known as “Magecart,” had injected Javascript code into the payment form page. The code watched for a click on the payment button, then submitted the entire form to a remote server, the action disguised as a credit card authentication step in the payment process.

The code worked for both PC and mobile customers, but it is unknown if mobile customers were affected by the breach. In an email to customers, Newegg’s chief executive said the company had not yet determined which customers were at risk.

This comes on the heels of two other attacks, both carried out by Magecart in a very similar fashion. In June, ticket distribution giant Ticketmaster UK faced a hack taking advantage of a customer support chat bot, and then in early September, British Airways reported that customers who made bookings in late August through 5 September had their information compromised.

The code used to skim credit cards was almost identical in all three instances, as reported by a threat researcher at RiskIQ, a cybersecurity firm.

Newegg reassured customers that the breach had been fully shut, and their website was operational once again.

About the Author

Jordan Lutke is an intern with 1105 Media.

  • Environmental Protection
  • Occupational Health & Safety
  • Infrastructure Solutions Group
  • Spaces4Learning
  • Campus Security & Life Safety