Customers who made a purchase on Newegg in the past month may have had their payment card details stolen in a hack.

The electronics retailer says hackers secretly installed malware on a Newegg server. It's still determining what data the malicious code was seeking to steal, but security researchers say the hackers were after credit card numbers.

"Yesterday we learned one of our servers had been injected with malware which was identified and removed from our site. We're conducting extensive research to determine exactly what info was obtained and are sending emails to customers potentially impacted. Please check your email" — Newegg (@Newegg), September 19, 2018

The attack occurred between Aug. 14 and Sept. 18, security firms RiskIQ and Volexity said in a report. The hackers first compromised the Newegg site and then tampered with the retailer's checkout process to secretly forward customers to a dummy Newegg website under their control, neweggstats.com.

Any payment data entered in the checkout process was then collected, on desktop and mobile. "Over an entire month of skimming, we can assume this attack claimed a massive number of victims," RiskIQ said.

The security firms are blaming the Newegg breach on a hacking group, dubbed Magecart, that allegedly did the same with the British Airways site, stealing sensitive data from as many as 380,000 travelers.

The hackers added a mere 15 lines of JavaScript code to the payment processing page, which may have made their scheme difficult to detect. "The code in this case is customized to work with the Newegg website and send data to a different domain the attackers created in an attempt to blend in with the website," Volexity said in its blog post.

Newegg said the malware has been pulled off its site. The retailer will publish an FAQ on the incident by Friday. In the meantime, the company urges buyers to watch their bank and credit accounts for any unauthorized purchases.

Security researchers say Magecart attackers have targeted thousands of websites across the world, including Ticketmaster, which reported a similar credit card skimming breach in June involving one of its third-party suppliers. Two other sites, Stein Mart and ShopperApproved, were also recently hit in Magecart attacks, a RiskIQ researcher claims.

Both security firms warn that the credit card skimming schemes from the Magecart hackers will only ramp up. "With minimal setup or knowledge required, these attacks will surely increase as time goes on," Volexity said.
