Newegg, the electronics retailer, was reportedly the victim of a data breach that lasted a month.
According to a news outlet citing RiskIQ Threat Researcher Yonathan Klijnsma, the research found that hackers installed 15 lines of card skimming code on Newegg’s payments page, which stayed on the site from Aug. 14 through Sept. 18. The hackers sent credit card data to a service controlled by them, noted the report. The code was removed by the site after being alerted by Volexity, the incident response firm.
In an email to customers, Newegg Chief Executive Danny Lee said the company hasn’t determined the customer accounts that were impacted by the breach. “The breach of Newegg shows the true extent of Magecart operators’ reach,” said Klijnsma in the report. “These attacks are not confined to certain geolocations or specific industries — any organization that processes payments online is a target.”
Newegg isn’t the only retailer to fall victim to a data breach. In June, Macy’s detected suspicious logins prompting the retailer to warn customers about a data breach. The retailer said that a threat targeted the profiles of customers for nearly two months, Detroit Free Press reported at the time. In a letter to its eCommerce customers, Macy’s said that a third party was behind the suspicious activity, and that party had received information from a non-Macy’s source. Over a period spanning from the end of April to the middle of June, the party made use of usernames and passwords to log in to customers’ accounts, and then gained access to names, email addresses, phone numbers, birthdays and payment card information. However, Macy’s said the accounts don’t include Social Security Numbers or CVV numbers. While Macy’s blocked the profiles that it believes to have been compromised, the retailer is asking customers to “remain vigilant.” In addition, Macy’s has arranged for free identity protection to customers impacted by the incident through AllClear ID.