As if the Newegg data breach reported yesterday was not enough, NCIX decided to haunt everyone from the grave when news of a much larger data breach came out today. Readers of our website may have been aware that NCIX declared bankruptcy last December, and all their assets were put up for sale as part of a multi-day auction by the Able Auctions firm earlier this year. Most of the items on sale were innocuous, including remaining PC DIY components and office supplies, but an investigation coming out of Privacy Fly, a cyber security firm from Canada, is showing that something much more sinister ended up in the hands of people who also knew what they were doing. In particular, an unidentified male who called himself "Jeff", acting either independently or on behalf of another company, had procured the entire NCIX server farm at the auction and then sorted through the data to determine what was "useful" and what was not.

By this, he was referring to unencrypted and/or easily-cracked user data stored on the servers that NCIX had not bothered to remove or put behind a stronger password as the contents were laid bare for Privacy Fly to examine after the server was unlocked. These servers were put up for sale for $1500 (CAD) on Craigslist of all places, in a bold move effectively selling user data by the tens of thousands. "Jeff" confirmed he was in possession of hundreds of desktops, hard drives and more servers which, along with the StarWind iSCSI Software that was included in the auction and used by NCIX for all their years of existence meant every single customer and former employee was exposed by the breach. To be more specific, we are talking about financial records including payroll information, residence and email addresses, payment information and even Canadian SIN numbers all available to be seen and purchased by the lot. Be it the fault of NCIX or Able Auction, knowing that unencrypted data servers were sold without being wiped is terrifying, and we recommend taking appropriate actions as deemed for your country of residence.

Magecart is a relatively new online exploit group that has been in the news recently for affecting British Airways, and Ticketmaster in the recent past months. This hithero-unrecognized group uses a web-based card skimmer script by injecting a precious few lines of malicious code in a website, to then steal sensitive data that customers enter in the payment sections of said affected websites. Two large digital threat management outfits, RiskIQ and Volexity, today released their reports on how Newegg was similarly affected during the time period of August 13, 2018 through September 18, 2018, and what this means to users who may have performed a transaction on the website during this period.

In particular, Newegg.com was affected when the criminals behind Magecart registed the neweggstats.com domain (now inactive) via domain provider Namecheap. As RiskIQ points out, this was soon changed to navigate to the 217.23.4.11 IP address, which is a Magecart server that was used to receive and store all collected user data from the compromise that happened since. A fake certificate was issued to add a layer of legitimacy to the domain, as seen below. Be sure to read past the break to find out more details, and also what the bottom line is for affected users.