Newegg was compromised between Aug 14th and Sep 18th

https://www.riskiq.com/blog/labs/magecart-newegg/

The first time the skimmer became active was around August 14th, and we confirmed the skimmer was removed on September 18th, which means the attackers had a full month of skimming Newegg customers.

Looks like Newegg had been compromised for close to an entire month. If you entered your credit card details during checkout between those dates, your card would have been skimmed.

Quite a lot of deals here during that period, so time to change your credit card if you made purchases.

Comments

  • holy SH

  • +6

    "Newegg was compromised"

    Were the hackers free range?

    • +3

      yeah, people's passwords are now free-ranging all over the web

      • +2

        Maybe the hackers should be 'caged'.

        • +4

          I just wish they'd wing it and pluck off, really Ruffles my feathers.

          The cocks.

        • +2

          @Scab:

          Keep your Fowl language to yourself please.

    • +3

      The newegg has been cracked

  • Done with 15 lines of code. Brilliant.

    • +1

      And also:

      Conveniently for the attackers, the skimmer, just like in the British Airways attack, works for both desktop and mobile customers.

      I swear, these hackers are better at coding than many multinational companies whose sites still mess up or require hideous scaling tricks to work on mobile.

  • +1

    Similar to the British Airways attack, these actors acquired a certificate issued for the domain by Comodo to lend an air of legitimacy to their page:

    WTF is the point of HTTPS/SSL certificates if literal hacking groups can obtain these certificates with trivial effort? Am I missing something here?

    • +1

      If you read the dissection, they obtained a plausible-sounding site and cert for it, neweggstats. So alarm bells wouldn't ring if someone moused over a form and saw that domain name. As it was, it was concealed inside form submission code in JS. It was Newegg's fault for not defending against cross-site scripting. See explanation here:

      https://excess-xss.com/

      • No, that's my point: they registered a domain "neweggstats", but they also obtained an SSL certificate for that domain from Comodo. Those certificates are supposed to tell customers that a domain/site/webpage is secure and trustworthy. If a hacking group can get one for a domain they're literally using as part of a scam/hack… what use is that certificate?

        Or rather, what checks do SSL certificate issuing authorities like Comodo do before issuing these certificates, if a hacking group can trivially obtain one, and what use are these certificates?

        • +5

          How is Comodo supposed to check trustworthiness? You are under the wrong impression about SSL certs. Their primary reason is to ensure secure communications. All applicants look the same over the Internet. It could have been done by a shell company or individual with no prior record. Even for non-cybercrimes you or I could register an Australian company and then proceed to cheat customers.

          For an EV cert the authority goes a bit further and asks for business registration proof. But that's still no guarantee that the business won't go rogue.

        • @greenpossum:

          How is Comodo supposed to check trustworthiness?

          I have no idea, that was really at the core of my question, which then leads to: If Comodo can't check trustworthiness, what are they basing issuance of the SSL Certificates on? And if it's "nothing", or effectively "nothing", that ties back to my actual question of: What use are these SSL Certificates if no checks are done before they're issued?

        • +4

          @HighAndDry: Secure communications, as I said.

          See the thing is, if you saw the Newegg SSL cert icon you could be assured you were talking to Newegg servers. Unfortunately Newegg allowed the content that they served to include JS code that wasn't from Newegg, that was the crack.

        • @greenpossum: Mmmm… true I guess.

    • +1

      Am I missing

      Nope, HTTPS is broken and not trustworthy because criminals and intelligence agencies can just purchase legitimate certificates.

      It is still worth using for data transfers because why lower any barriers but you should consider it untrustworthy and able to be seen.

      • They don't even need to purchase anymore to get the basics thanks to Let's Encrypt ;)

  • Surely using PayPal is one solution. Then nobody but PayPal has your details.

    Also good to know is that two factor authentication by SMS is not immune to hacking.
