Hackers have stolen the credit card details of all customers of the online shopping giant Newegg who entered their payment information between August 14 and September 18 of this year, according to security researchers.

Security firms RiskIQ and Volexity revealed the breach on Tuesday evening. The hackers used what essentially is a code-based credit card skimmer: a few lines of code surreptitiously embedded within the site’s payment page. Researchers say the hackers, who have been dubbed the Magecart group, are the same gang that hit British Airways and Ticketmaster earlier this year.


“The breach of Newegg shows the true extent of Magecart operators’ reach,” RiskIQ researcher Yonathan Klijnsma wrote in a blog post. “These attacks are not confined to certain geolocations or specific industries—any organization that processes payments online is a target.”

A screenshot of the javascript code used by the hackers to steal credit card data. (Image: RiskIQ)

Matthew Meltzer, a security analyst at Volexity, echoed Klijnsma saying that “these last few attacks not only highlight the threat which the Magecart actors pose to eCommerce retailers, but demonstrate how just a few lines of JavaScript can lead to massive financial theft.“

If you are a Newegg customer and you typed your credit card number on the site between August 14 and September 18, you should contact your bank and cancel your card. As of this writing, it’s unclear how many credit cards were compromised.

Newegg did not immediately respond to a request for comment.

This story has been updated to include a comment from Meltzer.

Got a tip? You can contact this reporter securely on Signal at +1 917 257 1382, OTR chat at lorenzofb@jabber.ccc.de, or email lorenzo@motherboard.tv