PSA: Newegg hacked

imrazor · September 19, 2018, 8:48pm

From Tom’s Hardware:

This was confirmed by an announcement on Newegg’s customer service page:

https://help.newegg.com/contactus

Quote:

Important Information

Yesterday we learned one of our servers had been injected with malware which was identified and removed from our site. We’re conducting extensive research to determine exactly what info was obtained and are sending emails to customers potentially impacted. Please check your email for any correspondence.

I actually bought some drive rails from them on 9/10, but I think I’m safe because I used Paypal, nor do I have a card on file with Newegg.

Goalkeeper · September 19, 2018, 8:51pm

NOOOOO!!! My favorite site!

Moved to news because it seemed more fitting. Pinned for 4 days

SoulFallen · September 19, 2018, 8:52pm

Oh FFS. Seems like everyone is getting hacked

Ruffalo · September 19, 2018, 9:07pm

Yes, everybody will get hacked sooner or later.

Anyway, story so far is you’re only impacted if you purchased something from Newegg between August 13 and September 18.

Interesting part of this attack is that they didn’t grab Newegg’s database; instead they skillfully injected code into their purchase page that skimmed customer info at the point of sale. This was a sophisticated attack.

mutation666 · September 19, 2018, 9:16pm

https://forum.level1techs.com/t/the-lounge-2018-09-september-executive-edition/131768/23054?u=mutation666

1st TLDR
August 14 and September 18 Dates effected had an order on the 22nd

Ruffalo · September 19, 2018, 9:18pm

In that case, I would probably call my bank and ask for a replacement card. Generally they will send it next-day delivery.

mutation666 · September 19, 2018, 9:19pm

messes up all my auto payments but yeah probably have to do that tomorrow or something

khaudio · September 19, 2018, 9:22pm

Damn
I just ordered some stuff from Newegg yesterday (not to mention ticketmaster today).
ok if they have both been fixed but fffffffffffffffff-

It’s almost like there’s a bell curve relationship between size of company and repercussions

mutation666 · September 19, 2018, 9:24pm

@wendell I am sure you have noted this already but deff for next week news

anon94261841 · September 19, 2018, 9:31pm

Ordered something on September 14.

Guess I’ll have to take even more time off of work tomorrow

imrazor · September 19, 2018, 10:09pm

So I did order from Newegg during the time that they were exploited. But I did it with PayPal instead of a credit/debit card. Does that mean I’m good, or do I need to put a lock on my PayPal account and/or debit card?

Ruffalo · September 19, 2018, 10:10pm

I would wait to see if Newegg emails you, but you’re almost certainly good. Maybe change your paypal password.

Melcar · September 19, 2018, 11:19pm

Shit. Good thing I use PayPal? I was about to order some ssd drives this week.

Ramiel · September 21, 2018, 3:18pm

I somehow doubt that using Paypal makes things much more secure. It’s not like a sign-in page can’t get compromised.

Ruffalo · September 21, 2018, 3:21pm

Paypal is a tokenized oauth system so it should indeed be more secure.

FaunCB · September 21, 2018, 3:45pm

Good thing my card number they have is to a bank that doesn’t exist anymore.

nx2l · September 25, 2018, 9:33pm

Automobili3XF · September 25, 2018, 9:49pm

I bought a RAM module from Newegg like 3 months ago, nothing unusual happened so far, no e-mails from them, no foreign activity on my credit card or anything of that nature, but i’ll keep my eyes open, thanks for the PSA!