Welcome to the MacNN Forums.

If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

You are here: MacNN Forums > Community > MacNN Lounge > NewEgg data breach

NewEgg data breach
Thread Tools
Thorzdad
Moderator
Join Date: Aug 2001
Location: Nobletucky
Status: Offline
Reply With Quote
Sep 19, 2018, 10:56 PM
 
     
reader50
Administrator
Join Date: Jun 2000
Location: California
Status: Offline
Reply With Quote
Sep 19, 2018, 11:36 PM
 
I did, and had to get my credit card replaced. For the first time.

We'd been blaming gas station stops that happened over a month before, but my one NewEgg order during the hacked period was it. Four days later, unauthorized gasoline charges started.

NewEgg checkout page was breached from August 16 through September 18. Anyone who checked out during that time: the attackers got a copy of your payment page. PayPal users may be OK - NewEgg is expected to clarify what info was exposed for each customer. Expect an email in the next few days.

Starting on August 16, code on NewEgg's checkout page—specifically "CheckoutStep2.aspx," the ASP.NET-based payment page served up by NewEgg's shopping cart system—included 15 lines of JavaScript that watched for a click on the payment button and submitted the entire form to the remote server. "The initial event methods binded to the button btnCreditCard allow for all data captured to be submitted to the attacker-specified destination when a mouse button is released, as well as when a touch screen has been pressed and released," the researchers from Volexity noted—meaning that the code allowed the attack to work both for computers and mobile devices.
( Last edited by reader50; Sep 20, 2018 at 12:05 AM. )
     
Thorzdad  (op)
Moderator
Join Date: Aug 2001
Location: Nobletucky
Status: Offline
Reply With Quote
Sep 20, 2018, 04:54 PM
 
It appears to be the same group that hit Ticketmaster UK earlier. Here's a little background on it.
This is a worrisome pullquote...
The Magecart actors have even left a message in the compromised code: 'If you will delete my code one more time I will encrypt all your sites: you very bad admins.' It seems, suggest the researchers, "the Magecart actors have broad access that they aren't afraid to use if the administrator removes their skimmer again.
     
reader50
Administrator
Join Date: Jun 2000
Location: California
Status: Offline
Reply With Quote
Oct 17, 2018, 03:56 PM
 
Has anyone heard from NewEgg about this? It's been nearly a month since the news broke.

• I've gotten no email from them, notifying of the data breech.
• I visit their page most days for sales. No banners or other notifications noted.
• Their news page makes no mention of the breech.
• Searching my account turns up no notifications. Even though I still have the compromised card listed with them.

Under CA Civil Code §§ 1798.29 and 1798.82 (2nd section appears to be a shorter copy of the 1st):
... The disclosure shall be made in the most expedient time possible and without unreasonable delay ...
(A) Email notice when the agency has an email address for the subject persons.
(B) Conspicuous posting, for a minimum of 30 days, of the notice on the agency’s Internet Web site page, if the agency maintains one. ...
(C) Notification to major statewide media and the Office of Information Security within the Department of Technology.
...
Exception applies if law enforcement believes the notifications will impede an investigation. But the news has already been published.

The statute does not mention the penalties for noncompliance. For links to other states' notification laws, see this page.
     
   
Thread Tools
 
Forum Links
Forum Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Top
Privacy Policy
All times are GMT -4. The time now is 08:45 PM.
All contents of these forums © 1995-2017 MacNN. All rights reserved.
Branding + Design: www.gesamtbild.com
vBulletin v.3.8.8 © 2000-2017, Jelsoft Enterprises Ltd.,