Newegg is fixing up its website after a month-long data breach. Hackers had injected 15 lines of card skimming code on the online retailer’s payments page. The malicious code remained there for more than a month between August 14 and September 18 of this year. The code retrieved credit card data from customers to a server controlled by the hackers with a similar domain name. The server even used an HTTPS certificate to blend in. The code also worked for both desktop and mobile customers.
The online electronics retailer removed the code on Tuesday after it was contacted by incident response firm Volexity, which first discovered the card skimming malware and reported its findings. The breach has likely affected all customers who have made purchases during the time the code was present in the Newegg website. Newegg not yet determined which customer accounts may have been affected.
If you have used your credit card at Newegg during this period you should immediately contact you bank and also keep an eye out for any suspicious charges on your account.