Magecart Hackers Stole Customers Payment Card Data from Newegg

The infamous criminal collective known as Magecart has successfully infiltrated the Newegg site and stole the stored payment card details stored by the company’s customers. This is a critical breach into the online merchant’s systems as the criminals were able to obtain a very large database of sensitive content. This is a yet-another infiltration of this hacker group which shows that its members are capable of getting into many major online services and companies.

Magecart Hackers Hacked Newegg & Acquired Customer Payment Card Data

The Magecart hackers have made another major hit this time infiltrating the secure servers belonging to Newegg. The known information so far is that this affects all entered data in the period August 14 to September 18 this year. The cause of the card details theft is through the use of a technique called digital skimmer — the hackers have embedded JavaScript code into the checkout page of the service. This means that every time the criminals enter their payment card details they will be sent to a remote server operated by the criminals. This is done only with a few lines of JavaScript code.

The exact attack mechanism that allowed the intrusion is the creation of a similar sounding domain called neweggstats which appears to have been created back in 2015. The hackers have been able to acquire a SSL certificate issued by a legitimate provider. By infiltrating the Newegg servers and specifically the checkout page used by the payment processor. The hacker-controlled page will be the one that will acquire the information.

Both desktop and mobile customers are affected by the breach however the number of affected customers is not known. Statistics showcase that more the site has more than 50 million visitors. The fact that the digital skimmer code was available for a (Read more...)

*** This is a Security Bloggers Network syndicated blog from How to, Technology and PC Security Forum | authored by Martin Beltov. Read the original post at: