• Welcome to TechPowerUp Forums, Guest! Please check out our forum guidelines for info related to our community.

Newegg Compromised by Magecart Assault; Potential Data Theft for Over a Month

VSG

Editor, Reviews & News
Staff member
Joined
Jul 1, 2014
Messages
3,609 (0.96/day)
Magecart is a relatively new online exploit group that has been in the news recently for affecting British Airways, and Ticketmaster in the recent past months. This hithero-unrecognized group uses a web-based card skimmer script by injecting a precious few lines of malicious code in a website, to then steal sensitive data that customers enter in the payment sections of said affected websites. Two large digital threat management outfits, RiskIQ and Volexity, today released their reports on how Newegg was similarly affected during the time period of August 13, 2018 through September 18, 2018, and what this means to users who may have performed a transaction on the website during this period.

In particular, Newegg.com was affected when the criminals behind Magecart registed the neweggstats.com domain (now inactive) via domain provider Namecheap. As RiskIQ points out, this was soon changed to navigate to the 217.23.4.11 IP address, which is a Magecart server that was used to receive and store all collected user data from the compromise that happened since. A fake certificate was issued to add a layer of legitimacy to the domain, as seen below. Be sure to read past the break to find out more details, and also what the bottom line is for affected users.



Voletix at this point was able to spot malicious JavaScript code limited to the secure.newegg.com page, which presented itself during the checkout stage of transactions done on Newegg. This code, seen below, only appeared once- during the billing information section- but was enough to collect user data including name, address, and also payment details which was then sent over to the drop server mentioned above.



Both agencies mention that the first time the hack was active was August 14, and the first confirmed confirmed attack took place on August 16. The manner of this compromise was identical to how Magecart affected other companies before. If anything, the attackers managed to make their code more efficient by needing only 8 lines of code here compared to the 22 lines they used with British Airways. The Volexity report, cited below, shares more technical information on how the attack works if you were so interested. The malicious code was removed on September 18, after Newegg received word of it and took some action. The company has since put out a short statement on social media acknowledging the attack, with more relevant details sent out to potentially affected users. If you or anyone you know received this email, please share it with us so we may update this story accordingly.



As it stands, this web-based skimmer was active for over a month and worked on both the desktop and mobile websites. There is no word yet on whether the Newegg mobile apps were similarly affected. This is certainly not good news to anyone, especially at a time when new hardware may have resulted in transactions in the affected period. Newegg is a giant e-tailer in the PC DIY industry, with over 50 million monthly visits. Both RiskIQ and Volexity warn that every one who has had a transaction on the website in the affected time period should keep an eye on their credit report (if appropriate), and work on re-issuing the form of payment used for said transaction(s). For example, if you used a credit card then talk to you bank to get that cancelled and have them issue you a new card as soon as possible. Magecart, as with other JavaScript-based criminal tools, are showing no signs of slowing down given the relatively simple attack strategy, and hopefully not many of us end up victims.

[Update: September 19, 2018- TechPowerUp member xkm1948 was kind enough to share a screenshot of the email he received from Newegg, which can be seen below]



View at TechPowerUp Main Site
 
Joined
Mar 18, 2008
Messages
5,717 (0.94/day)
System Name Virtual Reality / Bioinformatics
Processor Undead CPU
Motherboard Undead TUF X99
Cooling Noctua NH-D15
Memory GSkill 128GB DDR4-3000
Video Card(s) EVGA RTX 3090 FTW3 Ultra
Storage Samsung 960 Pro 1TB + 860 EVO 2TB + WD Black 5TB
Display(s) 32'' 4K Dell
Case Fractal Design R5
Audio Device(s) BOSE 2.0
Power Supply Seasonic 850watt
Mouse Logitech Master MX
Keyboard Corsair K70 Cherry MX Blue
VR HMD HTC Vive + Oculus Quest 2
Software Windows 10 P
I received the email. I have been buying components during this time period for a new build. So far I haven’t noticed any strange activities on my CC. Called CC issuer this afternoon and replacement card is already on the way.
 

FreedomEclipse

~Technological Technocrat~
Joined
Apr 20, 2007
Messages
23,984 (3.74/day)
Location
London,UK
System Name DarnGosh Edition
Processor AMD 7800X3D
Motherboard MSI X670E GAMING PLUS
Cooling Thermalright AM5 Contact Frame + Phantom Spirit 120SE
Memory G.Skill Trident Z5 NEO DDR5 6000 CL32-38-38-96
Video Card(s) Asus Dual Radeon™ RX 6700 XT OC Edition
Storage WD SN770 1TB (Boot)| 2x 2TB WD SN770 (Gaming)| 2x 2TB Crucial BX500| 2x 3TB Toshiba DT01ACA300
Display(s) LG GP850-B
Case Corsair 760T (White) {1xCorsair ML120 Pro|5xML140 Pro}
Audio Device(s) Yamaha RX-V573|Speakers: JBL Control One|Auna 300-CN|Wharfedale Diamond SW150
Power Supply Seasonic Focus GX-850 80+ GOLD
Mouse Logitech G502 X
Keyboard Duckyshine Dead LED(s) III
Software Windows 11 Home
Benchmark Scores ლ(ಠ益ಠ)ლ
Hopefully the cops can dig deep and find out where all the details were being sent or who was accessing the data.
 

VSG

Editor, Reviews & News
Staff member
Joined
Jul 1, 2014
Messages
3,609 (0.96/day)
I received the email. I have been buying components during this time period for a new build. So far I haven’t noticed any strange activities on my CC. Called CC issuer this afternoon and replacement card is already on the way.

Do you mind sharing a screenshot of that email, after having removed your personal details of course?
 

newtekie1

Semi-Retired Folder
Joined
Nov 22, 2005
Messages
28,473 (4.12/day)
Location
Indiana, USA
Processor Intel Core i7 10850K@5.2GHz
Motherboard AsRock Z470 Taichi
Cooling Corsair H115i Pro w/ Noctua NF-A14 Fans
Memory 32GB DDR4-3600
Video Card(s) RTX 2070 Super
Storage 500GB SX8200 Pro + 8TB with 1TB SSD Cache
Display(s) Acer Nitro VG280K 4K 28"
Case Fractal Design Define S
Audio Device(s) Onboard is good enough for me
Power Supply eVGA SuperNOVA 1000w G3
Software Windows 10 Pro x64
I made several orders in that time frame, but no email yet.
 
Joined
Mar 18, 2008
Messages
5,717 (0.94/day)
System Name Virtual Reality / Bioinformatics
Processor Undead CPU
Motherboard Undead TUF X99
Cooling Noctua NH-D15
Memory GSkill 128GB DDR4-3000
Video Card(s) EVGA RTX 3090 FTW3 Ultra
Storage Samsung 960 Pro 1TB + 860 EVO 2TB + WD Black 5TB
Display(s) 32'' 4K Dell
Case Fractal Design R5
Audio Device(s) BOSE 2.0
Power Supply Seasonic 850watt
Mouse Logitech Master MX
Keyboard Corsair K70 Cherry MX Blue
VR HMD HTC Vive + Oculus Quest 2
Software Windows 10 P
tempsnip.jpg
 

Aquinus

Resident Wat-man
Joined
Jan 28, 2012
Messages
13,161 (2.82/day)
Location
Concord, NH, USA
System Name Apollo
Processor Intel Core i9 9880H
Motherboard Some proprietary Apple thing.
Memory 64GB DDR4-2667
Video Card(s) AMD Radeon Pro 5600M, 8GB HBM2
Storage 1TB Apple NVMe, 4TB External
Display(s) Laptop @ 3072x1920 + 2x LG 5k Ultrafine TB3 displays
Case MacBook Pro (16", 2019)
Audio Device(s) AirPods Pro, Sennheiser HD 380s w/ FIIO Alpen 2, or Logitech 2.1 Speakers
Power Supply 96w Power Adapter
Mouse Logitech MX Master 3
Keyboard Logitech G915, GL Clicky
Software MacOS 12.1
I haven't ordered anything off NewEgg for years. I used to use them all the time but, then this whole "family" thing happened and I suddenly couldn't buy components all the time anymore. :rolleyes:
 

Norton

Moderator - Returning from the Darkness
Joined
Dec 21, 2011
Messages
14,108 (3.00/day)
Location
Northeast USA
System Name Main PC- Gamer- Main Cruncher/Folder and too many crunching/folding rigs
Processor Ryzen 5900X- Ryzen 5950X- Ryzen 3950X and etc...
Motherboard Asrock X570 Extreme4- MSI X570S Tomahawk MAX WiFi- MSI B450M Bazooka Max and etc...
Cooling Noctua NH-U14S (dual fan)- EK 360 AIO with push/pull fans- Corsair H115i RGB Pro XT and etc...
Memory 2x16GB GSkill FlareX 3200/c14- 4x8GB Corsair Vengeance 3600/c16- 2x16GB Team 3600/c18 and etc..
Video Card(s) MSI Gaming RX 6800- Asus RTX 3070 TUF OC- MSI Ventus GTX 1660Ti and etc...
Storage Main PC (1TB WD SN850- 2TB PNY CS 3040- 2TB Seagate Firecuda) and etc...
Display(s) Main PC (2x24" Dell UltraSharp U2414H)
Case Phanteks P600s- Seasonic Q704- Fractal Meshify C and etc...
Audio Device(s) Logitech Z625 THX 2.1 speakers
Power Supply EVGA 750 G3- SeaSonic DGC 750- EVGA P2 850 and etc...
Mouse G300s
Keyboard Corsair K65
VR HMD N/A
Software Windows 10 Pro or Ubuntu
Benchmark Scores Why sit on the Bench when you can get in the game and Crunch!!!
I made several orders in that time frame, but no email yet.
I didn't have any orders within that time either but I did get a notice from my bank earlier today about a data breach somewhere and getting my card replaced. Don't think I saved my card there though since I tend not to do that..
 
Joined
Jan 31, 2010
Messages
5,532 (1.03/day)
Location
Gougeland (NZ)
System Name Cumquat 2021
Processor AMD RyZen R7 7800X3D
Motherboard Asus Strix X670E - E Gaming WIFI
Cooling Deep Cool LT720 + CM MasterGel Pro TP + Lian Li Uni Fan V2
Memory 32GB GSkill Trident Z5 Neo 6000
Video Card(s) Sapphire Nitro+ OC RX6800 16GB DDR6 2270Cclk / 2010Mclk
Storage 1x Adata SX8200PRO NVMe 1TB gen3 x4 1X Samsung 980 Pro NVMe Gen 4 x4 1TB, 12TB of HDD Storage
Display(s) AOC 24G2 IPS 144Hz FreeSync Premium 1920x1080p
Case Lian Li O11D XL ROG edition
Audio Device(s) RX6800 via HDMI + Pioneer VSX-531 amp Technics 100W 5.1 Speaker set
Power Supply EVGA 1000W G5 Gold
Mouse Logitech G502 Proteus Core Wired
Keyboard Logitech G915 Wireless
Software Windows 11 X64 PRO (build 23H2)
Benchmark Scores it sucks even more less now ;)
I didn't have any orders within that time either but I did get a notice from my bank earlier today about a data breach somewhere and getting my card replaced. Don't think I saved my card there though since I tend not to do that..

Apparently it used similar technology as a card skimmer to read what you input so whether you saved your details or not doesn't help, if you used your CC in the time period mentioned chances are they have your CC details.
 
Joined
Feb 18, 2012
Messages
2,715 (0.59/day)
System Name MSI GP76
Processor intel i7 11800h
Cooling 2 laptop fans
Memory 32gb of 3000mhz DDR4
Video Card(s) Nvidia 3070
Storage x2 PNY 8tb cs2130 m.2 SSD--16tb of space
Display(s) 17.3" IPS 1920x1080 240Hz
Power Supply 280w laptop power supply
Mouse Logitech m705
Keyboard laptop keyboard
Software lots of movies and Windows 10 with win 7 shell
Benchmark Scores Good enough for me
I use gift cards for most online orders under $500, I get them for free at my bank. Any unspent funds I use for everyday stuff.
 
Joined
Apr 3, 2010
Messages
800 (0.15/day)
Location
US
System Name Desktop
Processor AMD Ryzen 5 5600X [3.7GHz/4.6GHz][6C/12T]
Motherboard ASUS TUF Gaming X570-PRO [X570]
Cooling Cooler Master Hyper 212 RGB Black Edition
Memory G.SKILL Ripjaws V Series 32GB [DDR4 3600][2x16GB][16-19-19-39@1.35V]
Video Card(s) ASUS KO GeForce RTX 3060 Ti V2 OC Edition 8GB GDDR6 [511.65]
Storage [OS] Samsung 970 Evo 500GB | [Storage] 980 1TB | 860 Evo 1TB | 850 Evo 500GB | Seagate Firecuda 2TB
Display(s) LG 27GL850 [27"][2560x1440@144Hz][Nano IPS][LED][G-SYNC Compatible][DP]
Case Corsair Obsidian 750D
Audio Device(s) Realtek ALC S1200A High Definition Audio CODEC
Power Supply EVGA SuperNOVA 1000 G1+ [+12V: 83.3A 999.6W][80 Plus Gold]
Mouse Logitech M570 Trackball
Keyboard Corsair Gaming K55 RGB
Software Microsoft Windows 10 Pro [21H1][64-bit]
Bought a few things over the month, so far no email.
 
Joined
Sep 7, 2017
Messages
3,244 (1.24/day)
System Name Grunt
Processor Ryzen 5800x
Motherboard Gigabyte x570 Gaming X
Cooling Noctua NH-U12A
Memory Corsair LPX 3600 4x8GB
Video Card(s) Gigabyte 6800 XT (reference)
Storage Samsung 980 Pro 2TB
Display(s) Samsung CFG70, Samsung NU8000 TV
Case Corsair C70
Power Supply Corsair HX750
Software Win 10 Pro
Online commerce... not the improvement it was touted as, for sure.

Since when did you ever hear of this crap 30 years ago? Or see a cottage industry of "Anti-Identity Theft" companies? And whatnot.
 
Joined
Apr 3, 2010
Messages
800 (0.15/day)
Location
US
System Name Desktop
Processor AMD Ryzen 5 5600X [3.7GHz/4.6GHz][6C/12T]
Motherboard ASUS TUF Gaming X570-PRO [X570]
Cooling Cooler Master Hyper 212 RGB Black Edition
Memory G.SKILL Ripjaws V Series 32GB [DDR4 3600][2x16GB][16-19-19-39@1.35V]
Video Card(s) ASUS KO GeForce RTX 3060 Ti V2 OC Edition 8GB GDDR6 [511.65]
Storage [OS] Samsung 970 Evo 500GB | [Storage] 980 1TB | 860 Evo 1TB | 850 Evo 500GB | Seagate Firecuda 2TB
Display(s) LG 27GL850 [27"][2560x1440@144Hz][Nano IPS][LED][G-SYNC Compatible][DP]
Case Corsair Obsidian 750D
Audio Device(s) Realtek ALC S1200A High Definition Audio CODEC
Power Supply EVGA SuperNOVA 1000 G1+ [+12V: 83.3A 999.6W][80 Plus Gold]
Mouse Logitech M570 Trackball
Keyboard Corsair Gaming K55 RGB
Software Microsoft Windows 10 Pro [21H1][64-bit]
I don't know if it would have made a difference, but maybe I should use Kaspersky's Safe Banking.

Also CM Hyper T2 or AMD Wraith Stealth?
 

Ahhzz

Super Moderator
Staff member
Joined
Feb 27, 2008
Messages
8,921 (1.46/day)
System Name OrangeHaze / Silence
Processor i7-13700KF / i5-10400 /
Motherboard ROG STRIX Z690-E / MSI Z490 A-Pro Motherboard
Cooling Corsair H75 / TT ToughAir 510
Memory 64Gb GSkill Trident Z5 / 32GB Team Dark Za 3600
Video Card(s) Palit GeForce RTX 2070 / Sapphire R9 290 Vapor-X 4Gb
Storage Hynix Plat P41 2Tb\Samsung MZVL21 1Tb / Samsung 980 Pro 1Tb
Display(s) 22" Dell Wide/24" Asus
Case Lian Li PC-101 ATX custom mod / Antec Lanboy Air Black & Blue
Audio Device(s) SB Audigy 7.1
Power Supply Corsair Enthusiast TX750
Mouse Logitech G502 Lightspeed Wireless / Logitech G502 Proteus Spectrum
Keyboard K68 RGB — CHERRY® MX Red
Software Win10 Pro \ RIP:Win 7 Ult 64 bit
Very glad I haven't bought anything there for years now....
 
Joined
Jul 16, 2014
Messages
8,194 (2.18/day)
Location
SE Michigan
System Name Dumbass
Processor AMD Ryzen 7800X3D
Motherboard ASUS TUF gaming B650
Cooling Artic Liquid Freezer 2 - 420mm
Memory G.Skill Sniper 32gb DDR5 6000
Video Card(s) GreenTeam 4070 ti super 16gb
Storage Samsung EVO 500gb & 1Tb, 2tb HDD, 500gb WD Black
Display(s) 1x Nixeus NX_EDG27, 2x Dell S2440L (16:9)
Case Phanteks Enthoo Primo w/8 140mm SP Fans
Audio Device(s) onboard (realtek?) - SPKRS:Logitech Z623 200w 2.1
Power Supply Corsair HX1000i
Mouse Steeseries Esports Wireless
Keyboard Corsair K100
Software windows 10 H
Benchmark Scores https://i.imgur.com/aoz3vWY.jpg?2
Used to be a loyal customer of newegg for over a decade, after they jacked vega prices and saw hugely inflated prices in other places, I no longer buy from @Newegg. Glad I dont or I might have this headache to deal with.

Dont take chances get a new CC and change your password there ASAP.
 

newtekie1

Semi-Retired Folder
Joined
Nov 22, 2005
Messages
28,473 (4.12/day)
Location
Indiana, USA
Processor Intel Core i7 10850K@5.2GHz
Motherboard AsRock Z470 Taichi
Cooling Corsair H115i Pro w/ Noctua NF-A14 Fans
Memory 32GB DDR4-3600
Video Card(s) RTX 2070 Super
Storage 500GB SX8200 Pro + 8TB with 1TB SSD Cache
Display(s) Acer Nitro VG280K 4K 28"
Case Fractal Design Define S
Audio Device(s) Onboard is good enough for me
Power Supply eVGA SuperNOVA 1000w G3
Software Windows 10 Pro x64
Apparently it used similar technology as a card skimmer to read what you input so whether you saved your details or not doesn't help, if you used your CC in the time period mentioned chances are they have your CC details.

Yep, ironically I think saved cards are actually safe from this attack.
 
Joined
Oct 22, 2014
Messages
14,048 (3.84/day)
Location
Sunshine Coast
System Name Lenovo ThinkCentre
Processor AMD 5650GE
Motherboard Lenovo
Memory 32 GB DDR4
Display(s) AOC 24" Freesync 1m.s. 75Hz
Mouse Lenovo
Keyboard Lenovo
Software W11 Pro 64 bit
New import taxes and high prices from the Australian Newegg stop me from buying there.
 
Joined
Oct 2, 2004
Messages
13,791 (1.88/day)
Apparently it used similar technology as a card skimmer to read what you input so whether you saved your details or not doesn't help, if you used your CC in the time period mentioned chances are they have your CC details.

I don't know for the rest of the world, but when I'm paying with MasterCard directly (rarely), I get MasterCard verification dialog where my bank sends me a SMS with verification code which I then enter. Meaning, without SMS verification, it's impossible to make a purchase even if they have entire card number and CC verification code from it. But I generally stick with PayPal as it's much more secure in this regard.
 
Joined
Oct 18, 2013
Messages
6,129 (1.52/day)
Location
Over here, right where you least expect me to be !
System Name The Little One
Processor i5-11320H @4.4GHZ
Motherboard AZW SEI
Cooling Fan w/heat pipes + side & rear vents
Memory 64GB Crucial DDR4-3200 (2x 32GB)
Video Card(s) Iris XE
Storage WD Black SN850X 4TB m.2, Seagate 2TB SSD + SN850 4TB x2 in an external enclosure
Display(s) 2x Samsung 43" & 2x 32"
Case Practically identical to a mac mini, just purrtier in slate blue, & with 3x usb ports on the front !
Audio Device(s) Yamaha ATS-1060 Bluetooth Soundbar & Subwoofer
Power Supply 65w brick
Mouse Logitech MX Master 2
Keyboard Logitech G613 mechanical wireless
Software Windows 10 pro 64 bit, with all the unnecessary background shitzu turned OFF !
Benchmark Scores PDQ
word:

p
A
y
P
a
L :D
 
Joined
Dec 14, 2013
Messages
2,697 (0.68/day)
Location
Alabama
Processor Ryzen 2600
Motherboard X470 Tachi Ultimate
Cooling AM3+ Wraith CPU cooler
Memory C.R.S.
Video Card(s) GTX 970
Software Linux Peppermint 10
Benchmark Scores Never high enough
Got things checked and dealt with this morning, nothing suspicious seen and the cards have been replaced.
 
Top