Newegg hack lasted over 1 month – Customer credit card info stolen

Written by Branton

Last updated Sep 22, 2018

newegg hack september 2018

You might think that a massive retailer like Newegg would be impervious to hacking, but that’s not the case. Newegg has confirmed that they have been hacked and YOUR credit card info might have been compromised.

Not good.

On September 19th, 2018, Newegg posted somewhat of an alert to their Twitter which outlined that one of their servers had been compromised and they would be sending emails to customers who might have been affected.

The hack is reported to have lasted roughly a month, starting on August 14th and allegedly getting fixed on September 18th, 2018. Any purchases made within this timeframe were subject to the hack, but that doesn’t guarantee your info has been stolen.

Based on reporting from RiskIQ – one of the 2 groups that discovered the hack – “The skimmer was put on the payment processing page itself, not in a script, so it would not show unless the payment page was hit.” That means, as long as you didn’t hit the payment processing page, you were not subjected to the hack. So, if you were just browsing around for the best price, chances are you’re safe.

As of right now, it’s known that the code used to hack Newegg will work on both desktop/laptop and mobile platforms. But, it’s unclear whether mobile users were actually affected to the same degree desktop/laptop users were.

According to security researchers at Volexity – the other of the 2 groups mentioned previously – this attack is potentially linked to Magecart, a hacker group that specializes in skimming credit card info from unsecured payment forms. Magecart is also suspected of pulling off the recent British Airways hack that took place from August 21st to September 5th. During that time, over 380,000 British Airways customers (using both the desktop website and mobile app) had their data compromised.

That’s a lot of people in a relatively short amount of time, roughly half the time Newegg was compromised for.

At the time of writing, there are no official estimates regarding how many customers were potentially impacted in the Newegg hack. However, it’s worth noting that traffic estimates for the British Airways website from SEMRush show 7.1-million viewers per month and Newegg receives an estimated 24.9-million per month. With that in mind, there was potentially a much larger number of people affected in the Newegg hack than there were in the British Airways hack based solely on the estimated amount of traffic each site receives.

However, traffic estimates are rarely accurate so don’t put too much faith behind those figures…

To summarize:

  • Newegg was hacked on August 14th
  • It was not fixed until September 18th
  • The hack specifically targetted Newegg’s payment processing page
  • If your info has been compromised then Newegg will have already sent you an email
0 0 votes
Article Rating

Inline Feedbacks
View all comments
September 24, 2018 10:05 am

Why aren’t more people talking about this?

September 20, 2018 6:52 pm

I just bought a bunch of things from there. Am I screwed?

Related Articles

ROCCAT Syn Buds Air Review

ROCCAT Syn Buds Air Review

The ROCCAT Syn Buds Air are a compact wireless low-latency pair of earbuds. These earbuds have a 20-hour battery life, the earbuds having 5 hours of life while the charging case provides an additional 15 hours. These earbuds also come with 60ms low-latency mode for...

ROCCAT Vulcan TKL Pro Mechanical Gaming Keyboard Review

ROCCAT Vulcan TKL Pro Mechanical Gaming Keyboard Review

The ROCCAT Vulcan TKL Pro gaming keyboard is a higher end keyboard that comes with ROCCAT’s optical linear Titan switches that are great for gaming! This keyboard comes with a robust design, media controls and amazing RGB. This keyboard comes with advanced...

Ryzen 7 3700x vs Ryzen 5 3600 vs Ryzen 9 3900x

Ryzen 7 3700x vs Ryzen 5 3600 vs Ryzen 9 3900x

Most of you know choosing the best hardware for your PC is never an easy job. While spending thousands and hundreds of dollars on a single component with a diverse range of products of the same category puts the builder in a conflicted situation. Understandingly, AMD...