It appears that all Web transactions over the past month were affected by the breach.
The domain used by the attack, neweggstats.com, was hosted on a server at the Dutch hosting provider WorldStream and had a certificate. The domain was registered through Namecheap on August 13, using a registration privacy protection company in Panama. The domain’s TLS certificate was purchased through Comodo on the same day. The Comodo certificate was likely the most expensive part of the attackers’ infrastructure.
The NewEgg attack is just one in what RiskIQ’s Klijnsma reports is a wave of attempted Magecart attacks. “Magecart attacks are surging,” Klijnsma said, noting that “RiskIQ’s automatic detections of instances of Magecart breaches pings us almost hourly. Meanwhile, we’re seeing attackers evolve and improve over time, setting their sights on breaches of large brands.”
Ars attempted to reach NewEgg for comment but got no response. We’ll update this story if more details become available.