Newegg Data Breach Exposes Users' Credit Card Details

The malicious credit-card-stealing MageCart script behind the British Airlines and Feedify breaches has struck again, this time against Newegg, one of the largest online technology retailers. The attack has resulted in customer credit card information being stolen.
Craig Young, security researcher at Tripwire, said: "The Newegg breach provides a great example of how certificate transparency logs provide an incredibly helpful threat intel source. Certificate transparency (CT) mandates that trusted certification authorities (CA) must maintain a public log of certificates they issue.
"Organizations can monitor these logs for certificates being issued for domain names that are visually similar to legitimately used domains. This similarity can be detected with simple pattern matching or more advanced techniques such as Levenshtein distance measurements.
"In this case, the attack campaign started with the attackers setting up an HTTPS server at neweggstats.com. For Newegg, seeing this domain come online wouldn’t immediately indicate a breach, but it should be enough for a security team to investigate further and likely reveal the newly added references to this domain in their checkout code.
"This technique can also be quite helpful for identifying phishing or CEO fraud campaigns where attackers send email from similarly named domains in an attempt to trick customers or employees into divulging credentials or making wire transfers."
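
The following added example (not from the article or from Tripwire) applies both techniques Young mentions, simple pattern matching and Levenshtein distance, to hostnames of the kind that appear in CT log entries. The sample list, the `.example` names, the function names and the distance threshold of 2 are assumptions made for illustration.

```python
# Added example: triage hostnames seen in CT log entries against a protected domain.
PROTECTED = "newegg.com"  # domain being defended (from the article)

def levenshtein(a: str, b: str) -> int:
    """Edit distance: minimum inserts, deletes and substitutions to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete ca
                           cur[j - 1] + 1,             # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def brand_label(hostname: str) -> str:
    """Assumption: the label left of the TLD is the registrable name.
    Production code should consult the Public Suffix List (co.uk etc.)."""
    labels = hostname.split(".")
    return labels[-2] if len(labels) >= 2 else labels[0]

def classify(hostname: str, protected: str = PROTECTED, max_distance: int = 2):
    """Return a reason string if hostname resembles protected, else None."""
    host = hostname.lower().rstrip(".")
    if host.startswith("*."):          # CT entries often carry wildcard names
        host = host[2:]
    if host == protected or host.endswith("." + protected):
        return None                    # the organization's own names
    brand = brand_label(protected)
    if brand in host:                  # simple pattern match
        return "contains-brand"
    distance = levenshtein(brand_label(host), brand)
    if distance <= max_distance:       # near miss such as a typo
        return f"edit-distance-{distance}"
    return None

def scan(hostnames):
    """Return (hostname, reason) pairs worth an analyst's attention."""
    hits = []
    for name in hostnames:
        reason = classify(name)
        if reason:
            hits.append((name, reason))
    return hits

# Constructed sample of names as they might appear in CT entries; only
# neweggstats.com comes from the article, the .example names are made up.
SAMPLE = ["www.newegg.com", "neweggstats.com", "*.newwegg.example", "shop.example"]

if __name__ == "__main__":
    for name, reason in scan(SAMPLE):
        print(f"{name}: {reason}")
```

A hit is a lead for investigation rather than proof of compromise, which matches the quote's point that the new domain should prompt a closer look at the checkout code.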