Researchers have claimed that US computing retailer Newegg has suffered a data breach, likely from the same attackers responsible for the breach in British Airways' payment system earlier this month, resulting in the theft of payment card details.
The breach in British Airways' payment system was reported by its parent company International Airlines Group (IAG) earlier this month, admitting that an attack on its web server had resulted in all payment details - including the card verification value (CVV) digits from the rear of the card, a security measure designed to prevent abuse of stolen stored card details - over a two-week period being obtained by attackers unknown. Now, researchers responsible for analysing the original attack and identifying it as a customised variant of the Magecart malware are back with the claim that Newegg has become the next victim - and had the malware on its site for a month.
'On August 13th Magecart operators registered a domain called neweggstats.com with the intent of blending in with Newegg’s primary domain, newegg.com,' reads a report by Yonathan Klijnsma of RiskIQ, which worked with Volexity on its analysis of the attack. 'Registered through Namecheap, the malicious domain initially pointed to a standard parking host. However, the actors changed it to 188.8.131.52 a day later, a Magecart drop server where their skimmer backend runs to receive skimmed credit card information. At this point, the server was ready for an attack—an attack against the customers of newegg.com. Around August 14th, the attackers placed the skimmer code on Newegg, managing to integrate it into the checkout process and achieve their goal of disguising it well.'
Unlike BA, however, Newegg had not yet issued a statement on the breach by the time the issue went public - though it appears to have removed the malicious code from its site. Customers of Newegg, which launched a UK site back in 2014, can expect to be contacted in the coming days.
March 12 2019 | 19:11