
Newegg CC breach affected purchases made in the last month or so

gorkti200

11 months ago

https://arstechnica.com/information-technology/2018/09/newegg-hit-by-credit-card-stealing-code-injected-into-shopping-code/

The TLDR is that if you purchased off Newegg between August and now, you may have been compromised. JavaScript in the checkout page was forwarding the entire form (that contained your CC info) to a third party site set up to harvest info. The same method recently was found to have infested British Airways. The good news is that these are being detected and fixed.

Comments

  • 11 months ago
  • 2 points

Yikes, that's never good (unless you were the hackers, I guess, lol). Thankfully I haven't made any purchases from there recently.

  • 11 months ago
  • 2 points

How are they able to use the JavaScript to forward the form? Was it modified from the outside or from the inside?

  • 11 months ago
  • 1 point

My guess? Developers pulled in an infected package using a package manager while developing, and in a little bit we are going to hear a story about how all three of these sites (apparently UK Ticketmaster was also affected) all had developers who utilized X package during development.

The only other explanation is that they all feature some vulnerability that is allowing outside access to their files, which seems more far-fetched, imo.

EDIT reminds me of a fun post I read earlier this year.

  • 11 months ago
  • 1 point

EDIT reminds me of a fun post I read earlier this year.

That man has the potential for great harm...

[comment deleted]
  • 11 months ago
  • 1 point

The JavaScript libraries hosted by the companies were compromised. How the code was initially uploaded isn't mentioned.

The small amount of code injected basically saved the form on click of the payment button and submitted it to the external server on release. The external server was designed to look legit, and they even went through the hoops to set it up with proper authentication and the like. A casual investigation would have shown data being sent to 'neweggstats' when the payment was processed, which makes it a lot less noticeable.

What this means is every single person who submitted a payment through the website's built-in credit card form (not using saved data, an external service like PayPal, or external tokenization service) had their full payment information skimmed. Not just the credit card number or name or address. All of it, all at once, in one nice neat array.
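
The comment above notes that the receiving server was named to look legitimate, so a name-based glance at network traffic misses it. As an added example (not part of the original thread or the cited report), this sketch checks checkout-time requests against an explicit host allowlist instead; every host, path and log entry in it is constructed, and `findSuspectPosts` is a hypothetical helper.

```javascript
// Added example: flag checkout-time requests that send a body to a host
// outside an explicit allowlist. All hosts and entries are constructed.

// Hosts the checkout page is expected to send data to (assumption).
const ALLOWED_HOSTS = new Set(["secure.shop.example", "payments.processor.example"]);
const BRAND = "shop"; // brand token used to label lookalike names (assumption)

// Constructed HAR-style entries recorded while the payment form is submitted.
const SAMPLE_ENTRIES = [
  { method: "GET",  url: "https://secure.shop.example/checkout.js", bodySize: 0 },
  { method: "POST", url: "https://secure.shop.example/api/order", bodySize: 812 },
  { method: "POST", url: "https://payments.processor.example/v1/charge", bodySize: 640 },
  { method: "POST", url: "https://shopstats.example/collect", bodySize: 797 },
  { method: "GET",  url: "https://cdn.fonts.example/a.woff2", bodySize: 0 },
];

// Returns one finding per data-carrying request whose host is not allowlisted.
// Only requests with a body are examined here; query-string exfiltration
// would need a separate check.
function findSuspectPosts(entries, allowedHosts, brand) {
  const findings = [];
  for (const e of entries) {
    let host;
    try {
      host = new URL(e.url).hostname.toLowerCase();
    } catch {
      findings.push({ url: e.url, host: null, reason: "unparseable-url" });
      continue;
    }
    const sendsData = e.method !== "GET" && e.method !== "HEAD" && e.bodySize > 0;
    if (!sendsData || allowedHosts.has(host)) continue;
    // A brand-like name is not evidence of legitimacy: label it, still flag it.
    const lookalike = host.includes(brand.toLowerCase());
    findings.push({ url: e.url, host, reason: lookalike ? "lookalike-host" : "unlisted-host" });
  }
  return findings;
}

console.log(findSuspectPosts(SAMPLE_ENTRIES, ALLOWED_HOSTS, BRAND));
```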

  • 11 months ago
  • 1 point

Well, thank God I didn't use Newegg in the last few months.

  • 11 months ago
  • 2 points

you may have been compromised

This is easy to tell. If you purchased off of Newegg, typed your payment information into their form, and clicked to process the payment, you were compromised. Period. If you purchased using a service like PayPal, an external tokenization service, already saved info, or any other method that avoids the payment form or giving your real payment information, you are not compromised.

  • 11 months ago
  • 1 point

Well the start date is a little fuzzy, RiskIQ lists it as "around August 14th", however you're right to imply that anyone who made a purchase should make the assumption that they are at risk.

  • 11 months ago
  • 2 points

A heads up by 5pm Eastern Standard Time. Password is not working anymore. They might be resetting account passwords.

  • 11 months ago
  • 2 points

Newegg has been having some pretty serious issues as of late. This isn’t going to go well for them.

  • 11 months ago
  • 1 point

Good thing I used PayPal. Or was that affected as well?

  • 11 months ago
  • 1 point

If you used PayPal you are fine because you didn't have to enter your CC info on Newegg's site.
