Newegg users' credit card information was exposed to hackers for a month




Hardware retailer Newegg suffered a month-long data breach that exposed users' credit card information to the same hackers who targeted British Airways and Ticketmaster UK earlier this year. The exact scope of the attack is still unknown because the company discovered the breach only yesterday and began to take action.

Newegg receives about 50 million visitors a month and its business is valued at $2.65 billion. RiskIQ, the threat management company that revealed the breach alongside cybersecurity company Volexity, said, "We can assume that this attack caused a large number of casualties," even though investigations are still ongoing.

Hackers injected 15 lines of code into the Newegg payment page, accessible via mobile and desktop, and the code remained on the page from 14 August to 18 September. The script, placed on the final verification page, allowed the attackers to read the credit card information entered there. The credit card data was then sent to a server with a similar domain name and an HTTPS certificate, both controlled by the hackers.
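For defenders, the lookalike-domain detail above suggests a simple audit: list every host the checkout page loads scripts from or sends data to, and flag names that imitate the site's own. The following is an added example, not code from Newegg, RiskIQ or Volexity; `shop.example`, `payments.example` and every other host name in it are constructed placeholders, and the two-label domain rule is a simplifying assumption.

```javascript
// Added example: audit the hosts a checkout page talks to.
// Assumptions: shop.example is the retailer's own domain and
// payments.example is a vetted payment processor (both constructed).
const FIRST_PARTY = "shop.example";
const ALLOWED = new Set(["payments.example"]);

// Naive registrable domain: last two labels.
// A production audit should use the Public Suffix List instead.
function registrable(host) {
  return host.toLowerCase().split(".").slice(-2).join(".");
}

// Levenshtein edit distance, used to catch near-miss spellings.
function editDistance(a, b) {
  let prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    const cur = [i];
    for (let j = 1; j <= b.length; j++) {
      const subst = prev[j - 1] + (a[i - 1] === b[j - 1] ? 0 : 1);
      cur[j] = Math.min(prev[j] + 1, cur[j - 1] + 1, subst);
    }
    prev = cur;
  }
  return prev[b.length];
}

function classifyHost(host) {
  const reg = registrable(host);
  if (reg === FIRST_PARTY) return "first-party";
  if (ALLOWED.has(reg)) return "allowed";
  const brand = FIRST_PARTY.split(".")[0];
  const name = reg.split(".")[0];
  // Lookalike: the brand embedded in a foreign domain, or within two edits of it.
  if (name.includes(brand) || editDistance(name, brand) <= 2) return "lookalike";
  return "unknown";
}

// Return only the destinations that need a human to look at them.
function auditUrls(urls) {
  return urls
    .map((u) => ({ url: u, verdict: classifyHost(new URL(u).hostname) }))
    .filter((r) => r.verdict === "lookalike" || r.verdict === "unknown");
}

// Constructed sample: destinations observed while loading a checkout page.
const observed = [
  "https://www.shop.example/checkout.js",
  "https://api.payments.example/v1/charge",
  "https://shopstats.example/collect",
  "https://cdn.widgets.test/w.js",
];
console.log(auditUrls(observed));
```

The same allowlist can be enforced in the browser with a Content-Security-Policy `connect-src` and `script-src` restricted to the first-party and allowed hosts, so that an unlisted destination is blocked rather than only reported.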

According to RiskIQ, the same criminal group, Magecart, is behind all three data breaches. The attacks follow a similar pattern. Magecart tends to ignore databases or corporate servers and instead targets customers' personal data by injecting scripts into payment platforms.

Newegg is based in California, unlike the first two targets, Ticketmaster UK and British Airways, both located in the UK. Cyberattacks, as RiskIQ points out, do not have clear geographic boundaries. "As we build the narrative, it becomes clear to the industry that these simple but smart attacks are not only devastating, they are becoming more and more prevalent. Newegg is only the latest victim," says RiskIQ on its site.

Newegg has sent emails to customers who made purchases during the one-month period, and plans to post a FAQ on its site by Friday. Users who have made purchases in the last month should monitor their bank accounts for suspicious activity. We have contacted Newegg for comment.

