PSA: Newegg hacked

From Tom’s Hardware:

This was confirmed by an announcement on Newegg’s customer service page:

https://help.newegg.com/contactus

Quote:

Important Information

Yesterday we learned one of our servers had been injected with malware which was identified and removed from our site. We’re conducting extensive research to determine exactly what info was obtained and are sending emails to customers potentially impacted. Please check your email for any correspondence.

I actually bought some drive rails from them on 9/10, but I think I’m safe because I used Paypal, nor do I have a card on file with Newegg.

4 Likes

NOOOOO!!! My favorite site!

:sob::sob::sob::sob::sob::sob::sob::sob::sob::sob::sob::sob::sob:

Moved to news because it seemed more fitting. Pinned for 4 days

2 Likes

Oh FFS. Seems like everyone is getting hacked

2 Likes

Yes, everybody will get hacked sooner or later.

Anyway, story so far is you’re only impacted if you purchased something from Newegg between August 13 and September 18.

Interesting part of this attack is that they didn’t grab Newegg’s database; instead they skillfully injected code into their purchase page that skimmed customer info at the point of sale. This was a sophisticated attack.

https://forum.level1techs.com/t/the-lounge-2018-09-september-executive-edition/131768/23054?u=mutation666

1st :stuck_out_tongue: TLDR
August 14 and September 18 Dates effected had an order on the 22nd :frowning:

1 Like

In that case, I would probably call my bank and ask for a replacement card. Generally they will send it next-day delivery.

messes up all my auto payments but yeah probably have to do that tomorrow or something

Damn
I just ordered some stuff from Newegg yesterday (not to mention ticketmaster today).
ok if they have both been fixed but fffffffffffffffff-

It’s almost like there’s a bell curve relationship between size of company and repercussions

@wendell I am sure you have noted this already but deff for next week news

1 Like

Ordered something on September 14.

Guess I’ll have to take even more time off of work tomorrow :anger:

1 Like

So I did order from Newegg during the time that they were exploited. But I did it with PayPal instead of a credit/debit card. Does that mean I’m good, or do I need to put a lock on my PayPal account and/or debit card?

I would wait to see if Newegg emails you, but you’re almost certainly good. Maybe change your paypal password.

1 Like

Shit. Good thing I use PayPal? I was about to order some ssd drives this week.

I somehow doubt that using Paypal makes things much more secure. It’s not like a sign-in page can’t get compromised.

Paypal is a tokenized oauth system so it should indeed be more secure.

Good thing my card number they have is to a bank that doesn’t exist anymore.

image

I bought a RAM module from Newegg like 3 months ago, nothing unusual happened so far, no e-mails from them, no foreign activity on my credit card or anything of that nature, but i’ll keep my eyes open, thanks for the PSA!

1 Like