What You Should Know About the Newegg Data Breach - FeeFighters


FeeFighters is a growing company based in New Jersey. The company offers credit card comparison services and negotiates to reduce the existing fees if the companies are unprepared to change their processors.

 

Most technology fans prefer Newegg as their online electronics retailer. Newegg is one of the latest companies to be hit by a data breach. Some Newegg customers recently reported that their credit card information had been exposed. The main suspect behind this attack is the group “Magecart.” This group has been responsible for a series of well-known cyber-attacks in Britain, such as the British Airways data breach. Newegg is currently one of the largest retailers located in the US. In 2016, it had a total revenue of $2.65 billion USD, and it boasts more than 45 million unique visitors to its site each month.

 

The data breach exposed credit card numbers and lasted from August 14 to September 18, 2018. The company is currently analyzing the extent of the damage. The incident was first discovered by Volexity, a security firm that found the card-skimming malware and reported its findings to the company. After the online retailer was informed, it removed the malicious code on Tuesday, August 18th.

 

During the attack, the hackers managed to inject 15 lines of card-skimming code into the company’s website. The hackers created a site called “neweggstats.com.” This site was used to infiltrate the Newegg servers and add an extra 15 lines of JavaScript to the company’s legitimate website. The JavaScript was programmed to steal personal data and credit card information. As customers made their purchases online and entered their credit card information, the malicious code copied each customer’s information and sent it to the hackers’ servers.

 

Security firms RiskIQ and Volexity, which investigated the breach, reported that the methods used included card-skimming code resembling that used in the Ticketmaster data breach in June and the more recent British Airways data breach in September this year.

 

They used a domain name closely resembling the company’s own to confuse unsuspecting customers and carry out their attack without arousing suspicion. They also used an SSL certificate, so that the connection appeared secure, to avoid making customers suspicious. The data breach affected most desktop users. There is also a theory that mobile phone users were affected, but this has not been proven yet. According to Yonathan Klijnsma, a RiskIQ researcher, the attack shows the extent of the group’s abilities and that any company processing payments online is a target for the hackers. He also added that there are no specific targets or target locations.
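A defender can check for the injected script and the lookalike domain described above by auditing which hosts a checkout page's scripts reference. The following is an added example, not code from Newegg, RiskIQ or Volexity; the allowlist, the sample page and the function names are constructed, and only `neweggstats.com` comes from the article.

```javascript
// Added example (not Newegg's code): flag script hosts outside an allowlist.
// ALLOWED_HOSTS and SAMPLE_CHECKOUT are constructed; only neweggstats.com
// comes from the article.
const BRAND = "newegg";
const ALLOWED_HOSTS = new Set([
  "www.newegg.com",          // assumed first-party host
  "payments.example.test",   // assumed approved payment-gateway host
]);

// Constructed checkout page: two expected scripts plus one inline script that
// references the lookalike domain (inert stand-in for the injected lines).
const SAMPLE_CHECKOUT = `
<html><body>
<script src="https://www.newegg.com/static/checkout.js"></script>
<script src="//payments.example.test/sdk.js"></script>
<script>
  /* constructed: endpoint literal only, no collection logic */
  var endpoint = "https://neweggstats.com/constructed-path";
</script>
</body></html>`;

// Collect hostnames from <script src=...> attributes and inline script bodies.
function extractScriptHosts(html) {
  const hosts = new Set();
  const scriptPattern = /<script\b([^>]*)>([\s\S]*?)<\/script>/gi;
  const urlPattern = /(?:https?:)?\/\/([a-z0-9-]+(?:\.[a-z0-9-]+)+)/gi;
  let script;
  while ((script = scriptPattern.exec(html)) !== null) {
    const text = script[1] + " " + script[2];
    for (const url of text.matchAll(urlPattern)) hosts.add(url[1].toLowerCase());
  }
  return hosts;
}

// Report every host that is not allowlisted; mark brand lookalikes as high priority.
function auditCheckoutPage(html) {
  const findings = [];
  for (const host of extractScriptHosts(html)) {
    if (ALLOWED_HOSTS.has(host)) continue;
    findings.push({ host, lookalike: host.includes(BRAND) });
  }
  return findings;
}

console.log(auditCheckoutPage(SAMPLE_CHECKOUT));
```

Run on a schedule against the rendered payment page, any finding means the page's script content has changed outside the approved set and should be investigated.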

 

Newegg did not respond to the comments by Gizmodo. However, TechCrunch reported that the CEO of the company, Danny Lee, sent an email to all customers informing them of the attack and that the company has not yet fully determined all affected accounts.

 

How to Prevent Future Attacks

When data breaches occur, they deal a very big blow to e-commerce businesses. Clients lose confidence in the company, and the company may face many lawsuits, which brings about losses. Small companies are the most affected by data breaches and may not survive the attacks. For example, “DistributeID” closed down after data breaches hit the company. This brings the major problem of cybersecurity to the forefront. The good news, however, is that there are various ways to deal with the challenge of data breaches:

 

  1. Using a Secure Payment Gateway

Payment gateways have long been used by online retailers to secure their customers’ data. They act as the broker between the customers, merchants and the banks. Secure payment gateways should have four features: integrity, authentication, non-repudiation, and confidentiality. Authentication means the gateway verifies the parties’ information before proceeding; integrity ensures that the data remains unmodified while the parties are interacting; confidentiality ensures that data is not disclosed to any unauthorized party during the communication. This includes non-disclosure of the customer’s credit card info. Security is also essential in the gateway, and customers should be assured of it.

 

  2. Avoid Storing Credit Card Information

Tom Harnish, a senior scientist whose websites have been hacked in the past in order to steal credit information, advises e-commerce sites to avoid storing credit card info on their sites. He states that the security of websites is not 100% safe and that they are prone to attack at some time. He gives the example of big companies like Sony, whose websites have been hacked. He instead advises sites to use trusted third-party payment processing software for storing their customers’ credit card info.

 

  3. Limiting Employees’ Access to Sensitive Data

Before allowing your employees to access sensitive data that can be easily compromised, you should educate them on ways of securing the data. If possible, you should employ multi-party authorization where more than one employee has to authorize a function before it can be carried out.

 

  4. Perform Regular Server Checks

The servers matter most as far as your customers’ information is concerned. You should always make efforts to ensure that the servers are secure and protected. You should perform regular scans on the servers to check for threats, malware, and vulnerabilities. Employees of your company who can access the servers should be thoroughly vetted. Also, installing security measures such as CCTVs and security guards is the first step in ensuring the servers are secure.

 

Data breaches cost companies billions each year: retailers lose their clients’ trust in addition to the financial cost of correcting the situation. Online retailers should do their best to ensure the safety of their customers’ information.
