We nerds here at Tom's Guide love shopping online at Newegg, but if you bought anything at the computer-parts retailer in the past month, you'd better check your credit-card statements.
The company revealed today (Sept. 19) that its online-checkout pages had been infected by data-skimming malware from Aug. 14 until yesterday. The thieves behind it seem to be the same who hit British Airways earlier this month and the U.K. branch of Ticketmaster in July.
It's not quite clear exactly what kind of data was stolen, or how many Newegg customers were affected, but it's best to assume that all details entered into Newegg online-checkout pages — names, street addresses and credit-card numbers, expiration dates and CVC codes (printed on the backs of MasterCard and Visa card, and on the front of American Express cards) — for that time period were compromised.
"We are conducting extensive research to determine exactly what information may have been acquired or accessed and how many customers may have been impacted," Newegg CEO Danny Lee said in an email sent to the past month's customers and seen by The Verge. "By Friday, we will publish an FAQ that will answer common questions we get."
Information-security firms RiskIQ and Volexity together determined that the NewEgg theft was the work of Magecart, a data-theft group that has also been fingered for the British Airways and Ticketmaster U.K. break-ins.
"It's becoming clear to the industry that these simple yet clever attacks are not only devastating, they're becoming more and more prevalent," wrote RiskIQ in its report. "Newegg is just the latest victim."
"These attacks are not confined to certain geolocations or specific industries," RiskIQ added. "Any organization that processes payments online is a target."
We've reached out to Newegg for comment and will update this page when we receive a reply.
Get it. IdentityForce UltraSecure+Credit is the best overall service for both credit monitoring and identity protection. It also protects your account with two-factor authentication.
LifeLock Ultimate Plus
It's worth it. Get LifeLock Ultimate Plus if you're very worried about having your identity stolen and you also need antivirus software. But you can get better credit monitoring for less with IdentityForce UltraSecure+Credit.