Yesterday we learned one of our servers had been injected with malware which was identified and removed from our site. We’re conducting extensive research to determine exactly what info was obtained and are sending emails to customers potentially impacted. Please check your email for any correspondence.
I actually bought some drive rails from them on 9/10, but I think I’m safe because I used Paypal, nor do I have a card on file with Newegg.
Anyway, story so far is you’re only impacted if you purchased something from Newegg between August 13 and September 18.
Interesting part of this attack is that they didn’t grab Newegg’s database; instead they skillfully injected code into their purchase page that skimmed customer info at the point of sale. This was a sophisticated attack.
So I did order from Newegg during the time that they were exploited. But I did it with PayPal instead of a credit/debit card. Does that mean I’m good, or do I need to put a lock on my PayPal account and/or debit card?
I bought a RAM module from Newegg like 3 months ago, nothing unusual happened so far, no e-mails from them, no foreign activity on my credit card or anything of that nature, but i’ll keep my eyes open, thanks for the PSA!