You might think that a massive retailer like Newegg would be impervious to hacking, but that’s not the case. Newegg has confirmed that they have been hacked and YOUR credit card info might have been compromised.
Not good.
On September 19th, 2018, Newegg posted somewhat of an alert to their Twitter which outlined that one of their servers had been compromised and they would be sending emails to customers who might have been affected.
Yesterday we learned one of our servers had been injected with malware which was identified and removed from our site. We’re conducting extensive research to determine exactly what info was obtained and are sending emails to customers potentially impacted. Please check your email
— Newegg (@Newegg) September 19, 2018
The hack is reported to have lasted roughly a month, starting on August 14th and allegedly getting fixed on September 18th, 2018. Any purchases made within this timeframe were subject to the hack, but that doesn’t guarantee your info has been stolen.
Based on reporting from RiskIQ – one of the 2 groups that discovered the hack – “The skimmer was put on the payment processing page itself, not in a script, so it would not show unless the payment page was hit.” That means, as long as you didn’t hit the payment processing page, you were not subjected to the hack. So, if you were just browsing around for the best price, chances are you’re safe.
As of right now, it’s known that the code used to hack Newegg will work on both desktop/laptop and mobile platforms. But, it’s unclear whether mobile users were actually affected to the same degree desktop/laptop users were.
According to security researchers at Volexity – the other of the 2 groups mentioned previously – this attack is potentially linked to Magecart, a hacker group that specializes in skimming credit card info from unsecured payment forms. Magecart is also suspected of pulling off the recent British Airways hack that took place from August 21st to September 5th. During that time, over 380,000 British Airways customers (using both the desktop website and mobile app) had their data compromised.
That’s a lot of people in a relatively short amount of time, roughly half the time Newegg was compromised for.
At the time of writing, there are no official estimates regarding how many customers were potentially impacted in the Newegg hack. However, it’s worth noting that traffic estimates for the British Airways website from SEMRush show 7.1-million viewers per month and Newegg receives an estimated 24.9-million per month. With that in mind, there was potentially a much larger number of people affected in the Newegg hack than there were in the British Airways hack based solely on the estimated amount of traffic each site receives.
However, traffic estimates are rarely accurate so don’t put too much faith behind those figures…
To summarize:
- Newegg was hacked on August 14th
- It was not fixed until September 18th
- The hack specifically targetted Newegg’s payment processing page
- If your info has been compromised then Newegg will have already sent you an email
Why aren’t more people talking about this?
I just bought a bunch of things from there. Am I screwed?
Hey Justin,
It depends when you bought the items. If it was between August 14th – September 18th, then you should check your email for something from Newegg. If it was before/after that, then you’re probably fine.