Newegg customers may have had their credit card information stolen


  1. Posts : 750
    Windows 10 Pro 64-bits
       #10

    The article states that this hack involved Magecart, which requires admin or other high level of access to be able to add the malicious JavaScript code.

    Newegg is a PCI level 2, or possibly level 1 merchant and as such, it is required to comply with the PCI Data Security Standard, PCI DSS for short. The following is just a short list of Newegg's non-compliance with PCI DSS:

    1. No SSH/2FA for a limited number of production support
    2. Control inbound production access with Web Application Firewall (explicit web pages whitelist)
    3. Restrict outbound access to explicit whitelist
    4. Monitor and alert/block website source code changes

    I also question how the outside PCI DSS auditor could certify Newegg as "compliant" with PCI DSS requirements.

    Nowadays, data breaches are daily occurrences and all companies are excusing themselves by blaming "APT" (Advanced Persistent Threat) for the breach, instead of admitting that they had messed up. It's hard to blame them, when the regulatory agencies accept this bogus excuse and there are really no consequences for the companies. Except to their customers, of course...


  2. Posts : 4,224
    Windows 10
       #11

    Thanks for sharing. I switched to using PayPal with Newegg a while back, too.
    --Ed--


  3. Posts : 516
    Windows 10 Enterprise
       #12

    Cr00zng said:
    I've been using virtual CC# for online purchases, with a dollar limit of the exact amount of my purchase and an expiration date of the following month, which I create at my CC provider's website. For the last decade or so, I have never had an issue with my real CC#s being stolen...
    Who do you use for CC#?

    Thanks.


  4. Posts : 28
    Microsoft Windows 10 Home 64-bit 19044
       #13

    Check this tweet to see how bad their security is; they have a Windows Server 2008 box accessible on the net.

    Dan Tentler on Twitter:


  5. Posts : 1,524
    Win10 Pro
       #14

    Cr00zng said:
    I've been using virtual CC# for online purchases, with a dollar limit of the exact amount of my purchase and an expiration date of the following month, which I create at my CC provider's website. For the last decade or so, I have never had an issue with my real CC#s being stolen...
    I do the same thing and sleep better at night for having done so. BTW, I use Citi Bank MasterCard.


  6. Posts : 39,955
    Win 7 32, Win 7 64 Pro, Win 8.1 64 Pro, Win 10 64 Education Edition, Win 11 Pro
       #15

    Newegg data breach exposed customer credit card info, says report


    Some Newegg customers reportedly had their credit card info nicked, as hacking group Magecart strikes again.

    Security researchers RiskIQ said Wednesday that Magecart inserted malicious code into the payments system of the hardware and electronics retailer and made off with charge card data.

    The nasty code was running on the Newegg site from Aug. 14 until Sept. 18, according to RiskIQ, which researched the incident with cybersecurity firm Volexity. The attack affected both desktop and mobile customers, according to RiskIQ. It's unclear how many customers were hit.

    Newegg didn't immediately respond to a request for comment on the RiskIQ report.
    Newegg data breach exposed customer credit card info, says report - CNET
    Last edited by Borg 386; 21 Sep 2018 at 08:31.



  8. Posts : 568
    Windows 11 Pro
       #17

    I almost ordered a fan from them during the breach period but had a bad feeling and went elsewhere, so coming here and learning about this breach made me feel better for not doing business with them during that time frame.

    I wonder if the fed will step in like they have with other companies and force them to make changes?


 

Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.
