NewEgg cracked in breach, hosted card-stealing code within its own checkout
https://arstechnica.com/information-technology/2018/09/newegg-hit-by-credit-card-stealing-code-injected-into-shopping-code/

The popular computer and electronics Web retailer NewEgg has apparently been hit by the same payment-data-stealing attackers who targeted TicketMaster UK and British Airways. The attackers, referred to by researchers as Magecart, managed to inject 15 lines of JavaScript into NewEgg's webstore checkout that forwarded credit card and other data to a server with a domain name that made it look like part of NewEgg's Web infrastructure. It appears that all Web transactions over the past month were affected by the breach.
Details of the breach were reported by the security research firms RiskIQ (which exposed the code behind the British Airways attack) and Volexity Threat Research today. The attack was shut down by NewEgg on September 18, but it appears to have been actively siphoning off payment data since August 16, according to reports from the security researchers. Yonathan Klijnsma, head researcher at RiskIQ, said that the methods and code used are virtually identical to the attack on British Airways: while the Ticketmaster breach was caused by code injected from a third-party service provider, both the BA breach and the NewEgg attack were the result of a compromise of JavaScript libraries hosted by the companies themselves.
The domain used by the attack, neweggstats.com, was hosted on a server at the Dutch hosting provider WorldStream and had a certificate. The domain was registered through Namecheap on August 13, using a registration privacy protection company in Panama. The domain's TLS certificate was purchased through Comodo on the same day. The Comodo certificate was likely the most expensive part of the attackers' infrastructure.
Starting on August 16, code on NewEgg's checkout page (specifically "CheckoutStep2.aspx," the ASP.NET-based payment page served up by NewEgg's shopping cart system) included 15 lines of JavaScript that watched for a click on the payment button and submitted the entire form to the remote server. "The initial event methods binded to the button btnCreditCard allow for all data captured to be submitted to the attacker-specified destination when a mouse button is released, as well as when a touch screen has been pressed and released," the researchers from Volexity noted, meaning that the code allowed the attack to work both for computers and mobile devices.
*end of excerpt*
Oh God....I hope I hope I wasn't affected. Off to newegg.com I go.
eta: Phew I'm safe, my last order was ONE day before the attack.
NewEgg cracked in breach, hosted card-stealing code within its own checkout (Original Post)
steve2470
Sep 2018
OP
PaulX2
(2,032 posts)
1. I bought stuff on newegg using pay pal
Hope I'm ok.
steve2470
(37,468 posts)
2. I'd go to the site and just check if you're not sure nt
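The excerpt in the original post says the stolen data went to a domain chosen to look like part of NewEgg's own infrastructure. The following is an added example, not part of the thread or of the researchers' reports, showing how a site owner could audit the hosts a checkout page refers to and flag brand lookalikes; the allowlist, the brand string, and the sample page (including its paths and the CDN host) are constructed assumptions.

```javascript
// Added example: audit which hosts a checkout page's markup and inline
// script refer to. ALLOWED_SUFFIXES and BRAND are assumptions.
const ALLOWED_SUFFIXES = ["newegg.com"]; // assumed first-party domain
const BRAND = "newegg";                  // brand string to spot in lookalikes

// Collect every absolute http(s) host that appears in a blob of HTML/JS.
function extractHosts(text) {
  const hosts = new Set();
  const re = /https?:\/\/([a-z0-9.-]+)/gi;
  let m;
  while ((m = re.exec(text)) !== null) {
    hosts.add(m[1].toLowerCase().replace(/\.$/, ""));
  }
  return [...hosts];
}

// A host is first-party only if it IS an allowed domain or a true subdomain
// of one. A plain substring test would wrongly accept "neweggstats.com".
function isAllowed(host) {
  return ALLOWED_SUFFIXES.some(s => host === s || host.endsWith("." + s));
}

function classify(host) {
  if (isAllowed(host)) return "first-party";
  if (host.includes(BRAND)) return "lookalike"; // brand name, wrong domain
  return "third-party";
}

// Return every non-first-party host with its verdict, for human review.
function auditPage(text) {
  return extractHosts(text)
    .map(host => ({ host, verdict: classify(host) }))
    .filter(r => r.verdict !== "first-party");
}

// Constructed sample page: paths and the CDN host are placeholders.
const SAMPLE_PAGE = `
<script src="https://www.newegg.com/placeholder/checkout.js"></script>
<script src="https://cdn.example.net/placeholder/lib.js"></script>
<script>var endpoint = "https://neweggstats.com/placeholder";</script>
`;

console.log(auditPage(SAMPLE_PAGE));
```

Run against a saved copy of the rendered checkout page, the "lookalike" rows are the ones to investigate first; "third-party" rows should each map to a vendor the site owner knowingly loads.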