Personal computing discussed

Moderators: renee, Hoser

 
Bauxite
Gerbil Elite
Topic Author
Posts: 788
Joined: Sat Jan 28, 2006 12:10 pm
Location: electrolytic redox smelting plant

Newegg CC Breach Aug-Sept (not a deal but...)

Wed Sep 19, 2018 11:53 am

Noscript and similar probably prevented your data theft if you bought anything from the desktop (letting every site in the world shove random javascript down your cpu is bad):

https://www.volexity.com/blog/2018/09/1 ... in-newegg/
https://www.riskiq.com/blog/labs/magecart-newegg/

Not sure about those that used the phone app as some "custom" apps are really just simple web-wrappers for a mobile site, while others use dedicated APIs etc.
TR RIP 7/7/2019
 
Neutronbeam
Gerbil XP
Posts: 460
Joined: Mon Mar 20, 2006 10:07 am
Location: Dunwoody, Georgia USA
Contact:

Re: Newegg CC Breach Aug-Sept (not a deal but...)

Wed Sep 19, 2018 12:07 pm

Yeah, I got an 'egg corporate email about this today. Good luck to the 'egg and all of us customers.
"the work goes on, the cause endures, the hope still lives, and the dream shall never die." -- Senator Ted Kennedy, 1980 Democratic National Convention speech
 
mikepers
Gerbil
Posts: 29
Joined: Fri Dec 16, 2011 4:47 pm

Re: Newegg CC Breach Aug-Sept (not a deal but...)

Wed Sep 19, 2018 12:12 pm

Wouldn't you know it, I ordered something from Newegg on the 14th of September....

Guess I'll go give Amex a call...
 
steelcity_ballin
Gerbilus Supremus
Posts: 12072
Joined: Mon May 26, 2003 5:55 am
Location: Pittsburgh PA

Re: Newegg CC Breach Aug-Sept (not a deal but...)

Wed Sep 19, 2018 12:13 pm

Haven't used the egg in years, probably since around they time they were bought. They just aren't competitive with a number of other outlets I can use. Their customer service was always the best though, don't know much about it these days.
 
Redocbew
Minister of Gerbil Affairs
Posts: 2495
Joined: Sat Mar 15, 2014 11:44 am

Re: Newegg CC Breach Aug-Sept (not a deal but...)

Wed Sep 19, 2018 12:19 pm

Yeah I haven't bought anything from Newegg in maybe 15 years. It seems like they've circling the drain for a while now. Breaches using some form of XSS are unfortunately pretty common though.
Do not meddle in the affairs of archers, for they are subtle and you won't hear them coming.
 
Usacomp2k3
Gerbil God
Posts: 23043
Joined: Thu Apr 01, 2004 4:53 pm
Location: Orlando, FL
Contact:

Re: Newegg CC Breach Aug-Sept (not a deal but...)

Wed Sep 19, 2018 12:37 pm

Redocbew wrote:
Yeah I haven't bought anything from Newegg in maybe 15 years.

Me neither. Basically not since Amazon added Prime.
 
ludi
Lord High Gerbil
Posts: 8646
Joined: Fri Jun 21, 2002 10:47 pm
Location: Sunny Colorado front range

Re: Newegg CC Breach Aug-Sept (not a deal but...)

Wed Sep 19, 2018 12:40 pm

I did buy a monitor and some cables recently, but fortunately, the payment method was a single-use VISA gift card that is now empty and destroyed. So that's not so bad.
Abacus Model 2.5 | Quad-Row FX with 256 Cherry Red Slider Beads | Applewood Frame | Water Cooling by Brita Filtration
 
demani
Gerbil
Posts: 33
Joined: Tue Jan 01, 2002 7:00 pm

Re: Newegg CC Breach Aug-Sept (not a deal but...)

Wed Sep 19, 2018 1:15 pm

Huh, I haven't seen anything and I'm pretty sure I did place some orders.
Its funny, I do use them because I feel like the search works better-Amazon's is so haphazard and things are marked in such a nonstandard way that I often can't find what I'm looking for. Of course, sometimes I then find an item number and then check it on Amazon too.
But I like ordering from Newegg as most of the time I get things next-day (if it ships out of the Elizabeth, NJ warehouse), plus no sales tax. Amazon often hands off to USPS and that messes up deliveries even further.
 
Redocbew
Minister of Gerbil Affairs
Posts: 2495
Joined: Sat Mar 15, 2014 11:44 am

Re: Newegg CC Breach Aug-Sept (not a deal but...)

Wed Sep 19, 2018 1:37 pm

I did that for a while. I would search at Newegg and then buy at Amazon, but these days I'm not buying hardware as frequently as I used to, and I usually have a pretty good idea what I want before I go looking.
Do not meddle in the affairs of archers, for they are subtle and you won't hear them coming.
 
mikepers
Gerbil
Posts: 29
Joined: Fri Dec 16, 2011 4:47 pm

Re: Newegg CC Breach Aug-Sept (not a deal but...)

Wed Sep 19, 2018 5:17 pm

demani wrote:
...the search works better-Amazon's is so haphazard....


This^

Newegg search and filtering is pretty awesome. These days I get most components from Newegg or the local Microcenter. All other stuff from Amazon.
 
jihadjoe
Gerbil Elite
Posts: 835
Joined: Mon Dec 06, 2010 11:34 am

Re: Newegg CC Breach Aug-Sept (not a deal but...)

Wed Sep 19, 2018 7:32 pm

I have one order that falls within the timeframe. Luckily I had my payment details already saved and didn't enter my credit card number or CVV through Newegg's website during the checkout process, so fingers crossed that I'm in the clear. Gonna give the bank a heads-up either way.
 
synthtel2
Gerbil Elite
Posts: 956
Joined: Mon Nov 16, 2015 10:30 am

Re: Newegg CC Breach Aug-Sept (not a deal but...)

Wed Sep 19, 2018 8:16 pm

steelcity_ballin wrote:
Their customer service was always the best though, don't know much about it these days.

It went downhill pretty badly about the time of the buyout. They've still got search and selection going for them, but I've been pretty skeptical of them since they put a half dozen lines in their terms saying they won't spam, snuck one in that maybe sort-of allows them to while badly contradicting the other half dozen, proceeded to spam away, and then had their new badly-trained customer service deny strenuously that they would ever do such a thing when I called them on it.
 
LostCat
Minister of Gerbil Affairs
Posts: 2107
Joined: Thu Aug 26, 2004 6:18 am
Location: Earth

Re: Newegg CC Breach Aug-Sept (not a deal but...)

Wed Sep 19, 2018 10:58 pm

Hmm. I don't Newegg without Paypal , so they wouldn't have been able to get anything as far as I know. Interesting.
Meow.
 
just brew it!
Administrator
Posts: 54500
Joined: Tue Aug 20, 2002 10:51 pm
Location: Somewhere, having a beer

Re: Newegg CC Breach Aug-Sept (not a deal but...)

Wed Sep 19, 2018 11:26 pm

So this only applies if you've entered payment info on their site recently?

They used to be my "go to" site for computer parts, but I don't think I've bought anything there in the past couple of years, for reasons others have already outlined.
Nostalgia isn't what it used to be.
 
SuperSpy
Minister of Gerbil Affairs
Posts: 2403
Joined: Thu Sep 12, 2002 9:34 pm
Location: TR Forums

Re: Newegg CC Breach Aug-Sept (not a deal but...)

Thu Sep 20, 2018 7:30 am

just brew it! wrote:
So this only applies if you've entered payment info on their site recently?


Yes, they basically had some extra javascript pinned to the page with the CC info boxes that sent the form to two different places when you hit the submit button (one to Newegg like it was supposed to, one to the bad guy-controlled server). Basically a digital CC skimmer.

According to the article on Ars the malicious javascript showed up on the 16th of August, so potentially anyone that entered CC info there in the last month had their details stolen.
Desktop: i7-4790K @4.8 GHz | 32 GB | EVGA Gefore 1060 | Windows 10 x64
Laptop: MacBook Pro 2017 2.9GHz | 16 GB | Radeon Pro 560
 
JonnyFM
Gerbil In Training
Posts: 3
Joined: Thu Jul 10, 2014 12:47 pm

Re: Newegg CC Breach Aug-Sept (not a deal but...)

Thu Sep 20, 2018 7:45 am

But is Newegg's checkout process actually usable with NoScript or uBlock Origin's dynamic filtering of JS turned on?
 
NovusBogus
Graphmaster Gerbil
Posts: 1408
Joined: Sun Jan 06, 2013 12:37 am

Re: Newegg CC Breach Aug-Sept (not a deal but...)

Fri Sep 21, 2018 12:56 am

ludi wrote:
I did buy a monitor and some cables recently, but fortunately, the payment method was a single-use VISA gift card that is now empty and destroyed. So that's not so bad.

This is my favorite way of dealing with high-risk sites, especially since high-risk sites typically involve a web of Tor nodes, VMs and deniable identities. I don't typically consider Newegg to be a high risk site, but maybe I should evaluate that...

Who is online

Users browsing this forum: No registered users and 1 guest
GZIP: On