Newegg data breach exposed customer credit card info, says report

The popular online retailer is the latest victim of hacking group Magecart, a security firm says.

Carrie Mihalcik Former Managing Editor / News
Carrie was a managing editor at CNET focused on breaking and trending news. She'd been reporting and editing for more than a decade, including at the National Journal and Current TV.
Expertise Breaking News, Technology Credentials
  • Carrie has lived on both coasts and can definitively say that Chesapeake Bay blue crabs are the best.
Marrian Zhou Staff Reporter
Marrian Zhou is a Beijing-born Californian living in New York City. She joined CNET as a staff reporter upon graduation from Columbia Journalism School. When Marrian is not reporting, she is probably binge watching, playing saxophone or eating hot pot.
Carrie Mihalcik
Marrian Zhou
2 min read
Ian Knighton/CNET

Some Newegg customers reportedly had their credit card info nicked, as hacking group Magecart strikes again.

Security researchers RiskIQ said Wednesday that Magecart inserted malicious code into the payments system of the hardware and electronics retailer and made off with charge card data.

The nasty code was running on the Newegg site from Aug. 14 until Sept. 18, according to RiskIQ, which researched the incident with cybersecurity firm Volexity. The attack affected both desktop and mobile customers, according to RiskIQ. It's unclear how many customers were hit.

Newegg didn't immediately respond to a request for comment on the RiskIQ report.

The retailer appears to be the latest victim of Magecart, which RiskIQ researchers say is also responsible for recent hacks against British Airways and Ticketmaster.

Earlier this month, British Airways said it was investigating a data breach and the theft of customer info. The company said the breach was resolved but customers' personal and financial information was exposed if they'd made bookings during the previous couple of weeks. Roughly 380,000 card transactions were reportedly affected.

The Ticketmaster breach happened earlier in June, with personal and credit card info being pilfered.

"These attacks are not confined to certain geolocations or specific industries—any organization that processes payments online is a target," said Yonathan Klijnsma, a threat researcher at RiskIQ, in an email statement. "The latest breach of Newegg demonstrates the true extent of Magecart operators' reach." 

Security:  Stay up-to-date on the latest in breaches, hacks, fixes and all those cybersecurity issues that keep you up at night.

Taking It to Extremes: Mix insane situations -- erupting volcanoes, nuclear meltdowns, 30-foot waves -- with everyday tech. Here's what happens.

First published on Sept. 19, 10:25 a.m. PT.

Updates, 1:13 p.m. PT: Adds Yonathan Klijnsma statement.