Attackers abscond with Newegg customers' credit-card info

Many TR readers have likely received a package or two from Newegg over the years, and its deals make regular appearances in our round-ups. Partially because of the company's frequent showings in our deals posts, beware: if you ordered anything from the site over the past few weeks, you'll probably want to contact your bank or credit-card provider and get a new set of account credentials.

In an unfortunate turn for the e-tailer, a group of hackers was able to insert malicious code into its checkout page and make off with customers' credit-card data, according to new reports from security firms RiskIQ and Volexity. According to those reports, the malicious code was active from August 16, 2018 to September 18, 2018.

The 'egg fell victim to a ring of data thieves known as Magecart. RiskIQ says that ring has attacked 800 or more e-commerce sites around the world, and notes that its code has preyed on customers of companies as large as British Airways and Ticketmaster. All it took to abscond with that information at Newegg was a mere eight lines of Javascript pointing back to a malicious domain, according to RiskIQ.

Newegg hasn't released a statement on the issue through its newsroom, but affected customers are apparently receiving emails from the company. Even if you haven't received one of those emails, we'd play it safe if you've ordered anything from the site of late and call your bank or financial services provider ASAP.

Tip: You can use the A/Z keys to walk threads.
View options

This discussion is now closed.