Hackers Stole Customer Credit Cards in Newegg Data Breach

Newegg is clearing up its website after a month-long data breach. TechCrunch: Hackers injected 15 lines of card skimming code on the online retailer's payments page which remained for more than a month between August 14 and September 18, Yonathan Klijnsma, a threat researcher at RiskIQ, told TechCrunch. The code siphoned off credit card data from unsuspecting customers to a server controlled by the hackers with a similar domain name -- likely to avoid detection. The server even used an HTTPS certificate to blend in. The code also worked for both desktop and mobile customers -- though it's unclear if mobile customers are affected.

The online electronics retailer removed the code on Tuesday after it was contacted by incident response firm Volexity, which first discovered the card skimming malware and reported its findings. Newegg is one of the largest retailers in the US, making $2.65 billion in revenue in 2016. The company touts more than 45 million monthly unique visitors, but it's not known precisely how many customers completed transactions during the period.

Re:My current rating for NewEgg is...

Was that when they stopped being price competitive with freaking brick and mortar mom and pop stores? Or when they started cleverly listing junk from seedy third parties?

NewEgg turned to shit long ago, and has been sliding further ever since.

Links to RiskIQ and Volexity reports

[bosef1]

Here are the links to the original RiskIQ and Volexity reports on the breach.

RiskIQ: https://www.riskiq.com/blog/la...

Volexity: https://www.volexity.com/blog/...

They're conclusion is basically to get a new credit card number if you transacted with Newegg from 13 Aug through 18 Sep 2018.