Fraud Alert: Monitor your credit card if you’ve shopped at Newegg recently
During a 5-week period between August 14 to September 18 2018, credit card information used on Newegg was exposed to hackers via malicious code. Mentioned in a Twitter post this morning, shoppers should check their email to see if their account information is at risk.
Hackers were able to collect credit card information by injecting 15 lines of malicious code into the payments page on both desktop and mobile versions of the site. The code sent to a different server while utilizing a HTTPS certificate setup by the hackers.
This data breach doesn’t appear to impact anyone that made a purchase prior to August 14. After Newegg emails all impacted users, the site plans to post a FAQ by Friday to help impacted users. However, anyone that’s made a purchase on Newegg in the last five weeks should monitor credit cards and other payment methods for potential fraud.
You can read the entire email being sent out to users below:
Yesterday, we learned one of our servers had been injected with malware which may have allowed some of your information to be acquired or accessed by a third party. The malware was quite sophisticated and we are conducting extensive research to determine exactly what information may have been acquired or accessed and how many customers may have been impacted. We will keep you up to date with our progress and work to ensure this doesn’t happen again. The malware is no longer on our site and we will be doing our best to bring the culprits to justice.
We have not yet determined which customer accounts may have been affected, but out of an abundance of caution we are alerting those accounts at risk as soon as possible so that they can keep an eye on their accounts for any suspicious activity. We hope by alerting you quickly to help prevent any misuse of information that may have been acquired or accessed.
By Friday, we will publish an FAQ that will answer common questions we get; we will send you a link as soon as it goes live. We will also publish the link on our social media platforms. We want to make sure you are completely informed.
We are very sorry circumstances have warranted this message. We are working diligently to address this issue and will provide additional information to you shortly.
It’s likely that the FAQ posted at the end of the week will detail how widespread the data loss was and detail exactly what information (beyond credit card numbers) was lost.