Newegg hack lasted over 1 month – Customer credit card info stolen

Written by Branton

Last updated Sep 22, 2018

newegg hack september 2018

You might think that a massive retailer like Newegg would be impervious to hacking, but that’s not the case. Newegg has confirmed that they have been hacked and YOUR credit card info might have been compromised.

Not good.

On September 19th, 2018, Newegg posted somewhat of an alert to their Twitter which outlined that one of their servers had been compromised and they would be sending emails to customers who might have been affected.

The hack is reported to have lasted roughly a month, starting on August 14th and allegedly getting fixed on September 18th, 2018. Any purchases made within this timeframe were subject to the hack, but that doesn’t guarantee your info has been stolen.

Based on reporting from RiskIQ – one of the 2 groups that discovered the hack – “The skimmer was put on the payment processing page itself, not in a script, so it would not show unless the payment page was hit.” That means, as long as you didn’t hit the payment processing page, you were not subjected to the hack. So, if you were just browsing around for the best price, chances are you’re safe.

As of right now, it’s known that the code used to hack Newegg will work on both desktop/laptop and mobile platforms. But, it’s unclear whether mobile users were actually affected to the same degree desktop/laptop users were.

According to security researchers at Volexity – the other of the 2 groups mentioned previously – this attack is potentially linked to Magecart, a hacker group that specializes in skimming credit card info from unsecured payment forms. Magecart is also suspected of pulling off the recent British Airways hack that took place from August 21st to September 5th. During that time, over 380,000 British Airways customers (using both the desktop website and mobile app) had their data compromised.

That’s a lot of people in a relatively short amount of time, roughly half the time Newegg was compromised for.

At the time of writing, there are no official estimates regarding how many customers were potentially impacted in the Newegg hack. However, it’s worth noting that traffic estimates for the British Airways website from SEMRush show 7.1-million viewers per month and Newegg receives an estimated 24.9-million per month. With that in mind, there was potentially a much larger number of people affected in the Newegg hack than there were in the British Airways hack based solely on the estimated amount of traffic each site receives.

However, traffic estimates are rarely accurate so don’t put too much faith behind those figures…

To summarize:

  • Newegg was hacked on August 14th
  • It was not fixed until September 18th
  • The hack specifically targetted Newegg’s payment processing page
  • If your info has been compromised then Newegg will have already sent you an email
0 0 votes
Article Rating

Inline Feedbacks
View all comments
September 24, 2018 10:05 am

Why aren’t more people talking about this?

September 20, 2018 6:52 pm

I just bought a bunch of things from there. Am I screwed?

Related Articles

A Review of the Razer DeathAdder V3 Pro: Gaming Without Limits

A Review of the Razer DeathAdder V3 Pro: Gaming Without Limits

Razer are responsible for creating what many people consider to be the first ever gaming mouse. They have made some of the most popular products in the entire world and have produced gaming peripherals for longer than pretty much everyone else. However, none of their...

Are Mechanical Keyboards the Key to Increased Efficiency?

Are Mechanical Keyboards the Key to Increased Efficiency?

The mythologized and all-consuming mechanical keyboards are possibly the most prized item in the world of PC peripherals. It has come to the point where, if you don't own one, you are made to feel as though you are entirely missing out and that your life is lacking...

Pulsar X2, Reasonable than Logitech G Pro?

Pulsar X2, Reasonable than Logitech G Pro?

Logitech’s G Pro might be the most famous mouse ever created. Everyone knows it is a high-quality head clicker used by some of the biggest names in Esports. It’s been that way since it came out; unfortunately, there has been one glaring issue with the G Pro and now...