Newegg suffered data breach for one month

No primary category set

Marketplace Newegg has reportedly been the victim of a data breach that persisted for one month before it was revealed and remedied. Apparently 15 lines of card skimming code were installed on the website’s payments page and were operational between August 14th and September 18th. The vulnerability was detected and reported by Volexity and you can read their full report here.

Newegg has emailed customers to inform them of the problem but hasn’t made a statement. It is currently unknown what the scale of the data breach is, how many users were impacted or precisely what personal data might have been purloined. Users were taken to a similar domain where payments details may have been entered, suggesting that buyers rather than merchants were the most likely victims.

RiskIQ has said it believes the Newegg data breach is the work of the Magecart group. They’re a group of hackers that carry out targeted attacks against vulnerable websites. They have previously used near-identical code to gather payments information:

The breach of Newegg shows the true extent of Magecart operators’ reach. These attacks are not confined to certain geolocations or specific industries — any organization that processes payments online is a target.
– Yonathan Klijnsma, researcher, RiskIQ

Newegg is one of the largest retailers in the US, as well as offering a marketplace platform to merchants. It generated $2.65 billion in revenue in 2016 and claims to have more than 45 million monthly unique visitors.

Reports such as this reiterate two often forgotten aspects of online trading. Firstly, even big and reputable organisations can be the victims of a data breach and that can dent consumer confidence in buying online. And, despite there being many different types of protection, there is still a need to be vigilant when paying online.

Let us know if you have been impacted by the problem. Doubtless, we’ll find out more about the incident in the coming weeks.

RELATED POSTS..

Royal Mail prepares to deliver Christmas

Royal Mail prepares to deliver Christmas

Rosenblatt to take legal action on Amazon frozen disbursements

Rosenblatt to take legal action on Amazon frozen disbursements

Poshmark unveils fee update to boost seller earnings

Poshmark fee update to boost seller earnings

Nectar360 & Rokt to make Sainsbury’s and Argos ads more relevant

Nectar360 & Rokt to make Sainsbury’s and Argos ads more relevant

SMEs guidance from Deborah Meaden in new NESCAFÉ mini-series

SMEs guidance from Deborah Meaden in new NESCAFÉ mini-series

ChannelX Guide...

Featured in this article from the ChannelX Guide – companies that can help you grow and manage your business.

Latest

Take a look through a selection of the latest articles on ChannelX

Register for Newsletter

Receive 5 newsletters per week

Gain access to all research

Be notified of upcoming events and webinars