Going after Newegg is like personally targeting hardware enthusiasts. The online storefront has long been favored as the go-to source for components, peripherals and pretty much anything else a PC builder might want. That makes the site a good target for hackers too, and new research from Volexity and RiskIQ today shows that Newegg was, in fact, attacked by the increasingly prolific organization known as Magecart.
Magecart has been active for years. Most recently it was accused of conducting attacks on Ticketmaster and British Airways. The latter is believed to have affected 380,000 people, showing that whoever's behind Magecart isn't content with attacks on small businesses or companies with operations in the UK. The attack on Newegg supports that idea—it handles large amounts of money and is based in California.
RiskIQ explained in a blog post today why the reasoning behind targeting Newegg is so significant when it comes to understanding Magecart:
"The breach of Newegg shows the true extent of Magecart operators’ reach. These attacks are not confined to certain geolocations or specific industries—any organization that processes payments online is a target. The elements of the British Airways attacks were all present in the attack on Newegg: they integrated with the victim’s payment system and blended with the infrastructure, staying there as long as possible."
Newegg has yet to disclose the attack on its site, but the company did tweet about the attack shortly after it was made public: "Yesterday we learned one of our servers had been injected with malware which was identified and removed from our site. We’re conducting extensive research to determine exactly what info was obtained and are sending emails to customers potentially impacted. Please check your email."
We've reached out to Newegg for a statement about the attack and how it plans to respond. More information about how many people were affected by the attack should be discovered after Newegg looks back at its transaction history and determines whether or not everyone who bought something between August 14 and September 18 was at risk. In the meantime, keep a close eye on your bank accounts, enthusiasts.