Newegg hack exposed customers' credit card data for a month

Online retailer Newegg suffered a security breach that left customer credit card details exposed for around a month, according to a new report. The site was hit by the same hackers behind the recently disclosed British Airways breach, as well as a previous one involving Ticketmaster in the UK. Customers impacted by the security issue will be notified by email.

News of the site's breach came from RiskHQ and Volexity, which point toward malicious JavaScript code that was on the page secure.newegg.com, where it would grab customer payment card details during the checkout process.

That info would then be sent to the domain NeweggStats[dot]com, according to the reports, for the hackers to access. In a tweet on its Twitter account this afternoon, Newegg acknowledged the hack, saying that it learned of the malware's presence yesterday.

The code "was identified and removed from our site," Newegg says. "We're conducting extensive research to determine exactly what info was obtained and are sending emails to customers potentially impacted." It appears the breach was confirmed by Volexity on August 16 and removed by Newegg on September 18, meaning it was active for around a month.

It's unclear at this time how many customers may have been hit by the breach, which could leave individuals open to financial fraud and theft. Customers are advised to check their email for additional info from Newegg.

SOURCE: RiskHQ, Volexity