Newegg hack lasted over 1 month – Customer credit card info stolen

Written by Branton

Last updated Sep 22, 2018

newegg hack september 2018

You might think that a massive retailer like Newegg would be impervious to hacking, but that’s not the case. Newegg has confirmed that they have been hacked and YOUR credit card info might have been compromised.

Not good.

On September 19th, 2018, Newegg posted somewhat of an alert to their Twitter which outlined that one of their servers had been compromised and they would be sending emails to customers who might have been affected.

The hack is reported to have lasted roughly a month, starting on August 14th and allegedly getting fixed on September 18th, 2018. Any purchases made within this timeframe were subject to the hack, but that doesn’t guarantee your info has been stolen.

Based on reporting from RiskIQ – one of the 2 groups that discovered the hack – “The skimmer was put on the payment processing page itself, not in a script, so it would not show unless the payment page was hit.” That means, as long as you didn’t hit the payment processing page, you were not subjected to the hack. So, if you were just browsing around for the best price, chances are you’re safe.

As of right now, it’s known that the code used to hack Newegg will work on both desktop/laptop and mobile platforms. But, it’s unclear whether mobile users were actually affected to the same degree desktop/laptop users were.

According to security researchers at Volexity – the other of the 2 groups mentioned previously – this attack is potentially linked to Magecart, a hacker group that specializes in skimming credit card info from unsecured payment forms. Magecart is also suspected of pulling off the recent British Airways hack that took place from August 21st to September 5th. During that time, over 380,000 British Airways customers (using both the desktop website and mobile app) had their data compromised.

That’s a lot of people in a relatively short amount of time, roughly half the time Newegg was compromised for.

At the time of writing, there are no official estimates regarding how many customers were potentially impacted in the Newegg hack. However, it’s worth noting that traffic estimates for the British Airways website from SEMRush show 7.1-million viewers per month and Newegg receives an estimated 24.9-million per month. With that in mind, there was potentially a much larger number of people affected in the Newegg hack than there were in the British Airways hack based solely on the estimated amount of traffic each site receives.

However, traffic estimates are rarely accurate so don’t put too much faith behind those figures…

To summarize:

  • Newegg was hacked on August 14th
  • It was not fixed until September 18th
  • The hack specifically targetted Newegg’s payment processing page
  • If your info has been compromised then Newegg will have already sent you an email
0 0 votes
Article Rating

Inline Feedbacks
View all comments
September 24, 2018 10:05 am

Why aren’t more people talking about this?

September 20, 2018 6:52 pm

I just bought a bunch of things from there. Am I screwed?

Related Articles

MAONO DM30 Microphone Review

MAONO DM30 Microphone Review

The MAONO DM30 microphone is probably one of the best budgets  microphones in the market right now, with great quality audio, good durability, and tasteful RGB. It comes in 4 different colors including black, white, purple, and pink. This microphone is connected to...

EKSA EM500 VS EM600 Gaming Mouse Review

EKSA EM500 VS EM600 Gaming Mouse Review

The EKSA EM500 Gaming Mouse is a super light and compact mouse weighing in at only 68g (2.39oz) which puts it on the lighter end of most gaming mice. It has a max DPI (dots per inch) of 12,400 with 6 intervals below that.  The mouse also comes with 8 programmable...