Between August 14th and September 18th 2018, popular US computer hardware and electronics retailer Newegg experienced a data breach affecting the credit card details and personal information of their customers. It is not yet known how many people were affected, but due to the length of the breach, investigations are ongoing.
The attack is believed to have been conducted by a group known as Magecart, who added malicious JavaScript to Newegg’s online payment page, causing credit card information to be skimmed and sent to a separately-registered domain known as Neweggstats.com. According to security firms RiskIQ and Volexity, the approach of this attack was similar to those experienced by British Airways and Ticketmaster earlier this year.
Yonathan Klijnsma, RiskIQ threat researcher said:
“The breach of Newegg shows the true extent of Magecart operators’ reach. These attacks are not confined to certain geolocations or specific industries—any organisation that processes payments online is a target. We can assume this attack claimed a massive number of victims.”
Their investigation discovered a 15-line card-skimming code used on Newegg’s payment page which was almost identical to those used in previous attacks. The skimmer was merged with Newegg’s actual payment processing page so that it could be concealed from recognition. As customers entered their card details during the checkout process, the attackers were able to send the data through to their ‘fake’ site before the transaction took place.
RiskIQ and Volexity are keeping a close eye on Magecart breaches, with quick detection alerts to resolve any issues as rapidly and effectively as possible. Although, with hackers’ ability to evolve and improve their methods over time, the capability of spotting a breach before it has done significant damage can still prove difficult. It’s clear that organisations must continuously review their payment channels and take appropriate precautions to reduce their probability of a data breach.
An effective way of doing this is to take any sensitive data associated with the organisation “out of scope”, meaning it never actually enters their networks or environment. This can be done using a third-party secure payment solutions provider, such as Key IVR, who ensure payments are processed safely and securely at every point of the transaction.
Take a look at our Payment Solutions or alternatively contact a member of our team on +44 (0) 1302 513 000 or email sales@keyivr.com
