Newegg hack lasted over 1 month – Customer credit card info stolen

Updated: September 22nd, 2018Author: BrantonCategory: Gaming & News3 Comments

newegg hack september 2018

You might think that a massive retailer like Newegg would be impervious to hacking, but that’s not the case. Newegg has confirmed that they have been hacked and YOUR credit card info might have been compromised.

Not good.

On September 19th, 2018, Newegg posted somewhat of an alert to their Twitter which outlined that one of their servers had been compromised and they would be sending emails to customers who might have been affected.

The hack is reported to have lasted roughly a month, starting on August 14th and allegedly getting fixed on September 18th, 2018. Any purchases made within this timeframe were subject to the hack, but that doesn’t guarantee your info has been stolen.

Based on reporting from RiskIQ – one of the 2 groups that discovered the hack – “The skimmer was put on the payment processing page itself, not in a script, so it would not show unless the payment page was hit.” That means, as long as you didn’t hit the payment processing page, you were not subjected to the hack. So, if you were just browsing around for the best price, chances are you’re safe.

As of right now, it’s known that the code used to hack Newegg will work on both desktop/laptop and mobile platforms. But, it’s unclear whether mobile users were actually affected to the same degree desktop/laptop users were.

According to security researchers at Volexity – the other of the 2 groups mentioned previously – this attack is potentially linked to Magecart, a hacker group that specializes in skimming credit card info from unsecured payment forms. Magecart is also suspected of pulling off the recent British Airways hack that took place from August 21st to September 5th. During that time, over 380,000 British Airways customers (using both the desktop website and mobile app) had their data compromised.

That’s a lot of people in a relatively short amount of time, roughly half the time Newegg was compromised for.

At the time of writing, there are no official estimates regarding how many customers were potentially impacted in the Newegg hack. However, it’s worth noting that traffic estimates for the British Airways website from SEMRush show 7.1-million viewers per month and Newegg receives an estimated 24.9-million per month. With that in mind, there was potentially a much larger number of people affected in the Newegg hack than there were in the British Airways hack based solely on the estimated amount of traffic each site receives.

However, traffic estimates are rarely accurate so don’t put too much faith behind those figures…

To summarize:

  • Newegg was hacked on August 14th
  • It was not fixed until September 18th
  • The hack specifically targetted Newegg’s payment processing page
  • If your info has been compromised then Newegg will have already sent you an email
About the Author
mm

Branton

Facebook Twitter

Hey there! I'm Branton, the founder and lead editor here at PC Game Haven. Since our launch in 2015, we've helped thousands upon thousands of gamers build their dream desktops, find the perfect peripherals, and more. Thanks for stopping by!

avatar
2 Comment threads
1 Thread replies
0 Followers
 
Most reacted comment
Hottest comment thread
Anonymous
Guest
Anonymous

Why aren’t more people talking about this?

Justin
Guest
Justin

I just bought a bunch of things from there. Am I screwed?