Why it matters: Newegg is the latest online retailer to be targeted by Magecart, the data hacking group that also struck British Airways and Ticketmaster. Odds are, it probably won't be the last, either.
Computer hardware and electronics retailer Newegg has fallen victim to a data theft campaign that was nearly identical to the one recently used to swipe personal and financial data from British Airways customers.
According to cybersecurity solutions and services firm Volexity, malicious JavaScript was added to Newegg in mid-August. It appeared when moving to the billing information page during checkout where it siphoned off credit card data before sending it to the attackers over SSL / TLS via the domain neweggstats.com.
Newegg removed the offending code on September 18. The Magecart group is reportedly behind the attack according to Volexity and RiskIQ.
It's unclear exactly how many victims were hit although considering Newegg generated $2.65 billion in revenue in 2016 and has more than 50 million visitors a month, the figure is probably pretty large.
The code used in the Newegg attack is functionally very similar to what was used against British Airways albeit more streamlined. Whereas the British Airways attack utilized 22 lines of code, the Newegg attack was carried out using just eight lines of code (or 15 if the code was "beautified").
Anyone that shopped at Newegg over the past month is encouraged to contact their bank immediately for a replacement card.