Newegg Website Was Infiltrated By Hackers For Nearly A Month, Customer Financial Data Stolen
Even though Newegg is one of the most popular destinations for enthusiasts looking to score the latest and greatest hardware for the gaming rigs, the retail giant is not immune to the nefarious actions of the hacker community. To that end, Newegg's website was hacked, and the parties responsible were able to inject 15 lines of credit card skimming code into the retailer's payments page. That code hid there, undetected, from August 14 through September 18 meaning if you made a purchase there between those dates, you need to be concerned.
News of the attack comes from Yonathan Klijnsma, a threat researcher from RiskIQ. The injected code was able to steal credit card data from customers and sent that data to a server that was controlled by the hackers using a similar domain name. An HTTPS certificate was used with the nefarious server so that shoppers would be none the wiser.
The nefarious injected code worked on both the desktop and mobile versions of the Newegg website, but it's not clear now if mobile transactions were affected. Newegg removed the code yesterday after being contacted by a company called
No details on exactly how many transactions were made during the time the malicious code was live have been offered. Newegg has confirmed to its customers via email that it doesn’t know how many accounts were affected. The attack is being attributed to the