Newegg Hit With Digital Skimmer Stealing Payment Data
By: Jim Stickley and Tina Davis
October 12, 2018
There are all kinds of skimmers. It’s likely you’ve heard the term ATM skimmer. Those are devices attached to ATMs that capture the information users enter when using those machines. But did you know there is such a thing as a digital skimmer? This is what was used to steal information from potentially millions of payment cards during a recent attack against a popular online retailer of computer hardware and consumer electronics products.
If you entered payment card details into Newegg’s website between August 14 and September 18, 2018, they may have been grabbed by hackers. Various sources have reported that the same group that was behind the recent Ticketmaster data breach was also behind this attack. It’s being blamed on Magecart.
First, if you used your card on the site between those dates, or even on dates surrounding them, you should most definitely check your payment card statements for suspicious charges. Immediately contact the card issuer if you see anything out of place. The faster you find fraudulent charges, the better and less costly for all involved. Pay attention to all charges for at least the next year. It’s possible that the information won’t be used right away, but will be placed on the dark web to be sold to the highest bidder. So don’t assume there won’t be unauthorized charges down the road due to this particular breach.
A digital skimmer is code placed on a website to steal information; specifically, it is placed on the checkout page of an ecommerce site. Magecart is the name you will see associated with this breach as well as with the Ticketmaster one. While it is sometimes used to describe a group of hackers, it’s also the name of the code used to perpetrate these attacks: mage.js. This code allows the attackers to steal entered information in real time.
According to a study by IBM, the average time needed to identify and contain a breach of more than 1 million records was 365 days. That means that digital skimmers may be in place for a very long time before anyone even knows.
There are steps merchants can take to limit the risk of having this or other malicious code inserted into their sites:
- Encrypt the data and use the strongest and most up-to-date encryption. This will prevent it from easily being read by skimmers.
- Run regular scans on websites that are externally facing, including cloud servers. This will help find potential access points, so you can close them before others find them.
- Keep all servers updated with the latest critical and security patches.
- Ensure all devices, particularly cloud servers, are properly configured to be secure. There are numerous examples of improperly configured Amazon Web Services servers that have been breached just in the past year, including one with Deep Root Analytics, a data firm working with the Republican National Committee, as well as the NSA’s Red Disk program. Misconfigured MongoDB is also a popular target for attackers wanting to spread malware.
This Newegg attack affected desktop and mobile users who made purchases with cards during that timeframe. The number of people affected has not been released. It’s possible it could be in the millions.