Hackers have stolen the credit card details of all customers of the online shopping giant Newegg who entered their payment information between August 14 and September 18 of this year, according to security researchers.
Security firms RiskIQ and Volexity revealed the breach on Tuesday evening. The hackers used what essentially is a code-based credit card skimmer: a few lines of code surreptitiously embedded within the site’s payment page. Researchers say the hackers, who have been dubbed the Magecart group, are the same gang that hit British Airways and Ticketmaster earlier this year.
“The breach of Newegg shows the true extent of Magecart operators’ reach,” RiskIQ researcher Yonathan Klijnsma wrote in a blog post. “These attacks are not confined to certain geolocations or specific industries—any organization that processes payments online is a target.”
If you are a Newegg customer and you typed your credit card number on the site between August 14 and September 18, you should contact your bank and cancel your card. As of this writing, it’s unclear how many credit cards were compromised.
Newegg did not immediately respond to a request for comment.
This story has been updated to include a comment from Meltzer.
Got a tip? You can contact this reporter securely on Signal at +1 917 257 1382, OTR chat at email@example.com, or email firstname.lastname@example.org
Solve Motherboard’s weekly, internet-themed crossword puzzle: Solve the Internet.