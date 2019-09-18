from the rotten-egg dept.
Newegg has been hacked (archive). If you bought anything on Newegg.com between August 13th and September 18th, get a new credit card:
Newegg is investigating a data breach that may have compromised credit card details and other information about its customers, though the full extent of the damage is not yet known.
"Yesterday, we learned one of our servers had been injected with malware which may have allowed some of your information to be acquired or accessed by a third party," Newegg CEO Danny Lee states in an email being sent out to potentially affected customers." The malware was quite sophisticated and we are conducting extensive research to determine exactly what information may have been acquired or accessed and how many customers may have been impacted."
[...] Researchers from RiskIQ and Volexity say the attackers installed credit card skimming malware onto Newegg's website. They injected the malicious code into Newegg's payment processing page, basically hiding in plain site for more than a month, the researchers say.
The stolen credit card data was then sent to a drop server on a domain the hackers had registered, initially parked at neweggstats.com. They obtained a security certificate for the site from Comodo so that it appeared legitimate.
takyon: A news search for "Newegg" finds numerous examples of PC Gamer directing its readers to the site for deals (and steals?) during the breach period.
Also at Ars Technica and The Verge.
Previously: Encryption Patent That Roiled Newegg is Dead on Appeal
Newegg Is Being Sued for Allegedly Engaging in Massive Fraud
Related Stories
Arthur T Knackerbracket has found the following story:
Patent-holding company TQP Development made millions claiming that it owned a breakthrough in Web encryption, even though most encryption experts had never heard of the company until it started a massive campaign of lawsuits. Yesterday, the company's litigation campaign was brought to an end when a panel of appeals judges refused (PDF) to give TQP a second chance to collect on a jury verdict against Newegg.
The TQP patent was invented by Michael Jones, whose company Telequip briefly sold a kind of encrypted modem. The company sold about 30 models before the modem business went bust. Famed patent enforcer Erich Spangenberg bought the TQP patent in 2008 and began filing lawsuits, saying that the Jones patent actually entitled him to royalties on a basic form of SSL Internet encryption. Spangenberg and Jones ultimately made more than $45 million from the patent.
TQP appealed its case, and oral arguments were heard at the US Court of Appeals for the Federal Circuit on February 8. Yesterday, the three-judge panel found in Newegg's favor, issuing a short two-page order that did not explain its reasoning. While TQP could theoretically still appeal to the full Federal Circuit or to the Supreme Court, it's far from clear there's any legal issue in the case that would compel either of those bodies to take the case.
Gizmodo and Digitaltrends are among those reporting that electronics retail website Newegg has been sued by South Korean Banks, who say that Newegg and the South Korean Hardware company Moneual conspired to defraud the banks of "hundreds of millions of dollars."
The lawsuit, which was filed in U.S. District Court in Los Angeles, claims that Newegg and computer wholesaler ASI Corp. made false orders for home-theater computers from Moneual. The banks claim that Moneual organized the scheme and used the fake orders to obtain funds from the four banks. Newegg and ASI allegedly received a cut of the money in exchange for their cooperation.
[...] The computers that Moneual ordered were allegedly priced at 300 times their actual retail value, which is why the banks believe Newegg and ASI were part of the scam.
"No such business would have [paid] such an inflated price, unless it intended to create the illusion of extensive, profitable, high-value commerce... for the purpose of defrauding lenders into supporting the transactions," the lawsuit alleges.
The four banks are demanding a jury trial and monetary damages. They say that $230 million is still owed from the faulty loans that Moneual obtained.
(Score: 2) by RandomFactor on Wednesday September 19, @10:38PM
Had to double check, been a good bit longer since I ordered anything from Newegg so presumably I won't be getting a letter :-)
I do try to patronize Newegg on significant purchases, just haven't really ordered anything of late.