Top 3 Spookiest Data Breaches of 2018

October 30, 2018
by Ohad Hagai

Top 3 Spookiest Data Breaches of 2018

Top 3 Spookiest Data Breaches of 2018

October 30, 2018
by Ohad Hagai

October 30, 2018
by Ohad Hagai

Halloween came early for many corporate giants in 2018. On All Saints’ Eve, we are going to break down the top 3 hacks of the year created by 3rd party script vulnerabilities and loopholes.

Multiple sources have confirmed that Magecart is the criminal group behind the nightmares experienced by Newegg and British Airways this year. In both cases, hackers targeted customers’ payment data by injecting malicious 3rd party scripts into payment page components. Let’s take a closer look at these attacks.

Online data breaches have risen by 75% since 2017. Click To Tweet

British Airways – Almost 400,000 Customers affected

On 7 September, news broke that BA’s website and mobile app were breached between August 21 and September 5, affecting 380,000 people.

22 lines of code (LoC). That’s all it took the hackers to gain illegal access to thousands of credit card numbers and other payment details. As per security firm RiskIQ, the malicious code was planted on the airline’s payments page via a modified version of the Modernizr JavaScript library.

The hackers modified JavaScript files without hobbling the core functionality of the page, which apparently wasn’t changed since 2012. The malware uploaded data to a “harvesting server” hosted on The malicious infrastructure (domain, VPS provider, etc) was traced to Romania and Lithuania.

The Takeaway

Traditional blacklisting techniques and Web Application Firewalls (WAFs) are becoming ineffective. More and more cybercriminals are using malicious 3rd party scripts to contaminate strategical webpages, where thousands of users perform sensitive actions such as payments or registrations.

Not detecting the data breach and not alerting the required people within 72 hours is also in direct violation of the General Data Protection Regulation (GDPR).

Newegg – 50 Million Monthly Shoppers At Risk

US-based Newegg Inc., a leading computer hardware and consumer electronics online retailer, hit the news in September 2018 for all the wrong reasons.

Cybercriminals injected 15 lines of code into Newegg’s payments page, which can be accessed via web and mobile. This malicious code stayed on the page from August 14th all the way till September 18th. The script, placed on the final checkout page, skimmed personal credit card info from unsuspecting customers.

Not only was the functionality of the script nearly identical to the original one, the attackers also managed to minimize and beautify it, making it less detectable. The stolen data was then transferred to a server with a similar domain name and a HTTPS certificate that the hackers had set up in advance.

The Takeaway

Newegg has refused to dive into exact details, but some kind of scripting vulnerability was exploited. For example, 3rd party tags for analytics or BI purposes can potentially introduce loopholes when the vendor makes code changes or due to “hidden connections” with 4th party services.

Regardless of the exact technique used, the illegal exporting of data to the external server (creation of a malicious service) went totally undetected.

The Malicious Code Used in the Newegg Hack

Ticketmaster – 40,000 British User Accounts Compromised

On June 27, 2018 it was reported that up to 40,000 British customers may have had their credit card information stolen due to a security breach. Ticketmaster’s PR department eventually confirmed that a hacking of their systems affected UK transactions between February 2018 and 23 June 2018.

Upstart bank Monzo is even claiming that the breach started on April 6 when 70% of its customers complaining about fraud also made a purchase through Ticketmaster on the same day.  Monzo promptly alerted Ticketmaster about the incidents, but the American company paid little attention to their claims.

The Takeaway

The loophole was caused indirectly by 3rd party vendor, Inbenta Technologies. This company’s solution was a chatbot on Ticketmaster’s site. Inbenta had modified/tweaked a line of JavaScript code in this chatbot to customise it to Ticketmaster’s needs, which ultimately created the vulnerability.

Hackers soon discovered that this script is being run on the payments page. They modified it to harvest user information and their payment credentials.

Courtesy: Monzo

Take Control of Your 3rd Party Tags and Scripts

First and foremost, all 3rd party tags and scripts (along with 4th party dependencies) should be scrutinized by multiple sources prior to their implementation. Besides helping with proper performance and monetary evaluation, this also helps eradicate the lack of visibility within the organization.

A proper internal approval process is key when it comes to implementing new tags and scripts. This is the first line of defence for any online company today.

Secondly, having a comprehensive service monitoring system in place can help you locate code changes in 3rd party tags and even in-house scripts. This can also help you identify newly created malicious services (exporting of sensitive data to an unidentified server) and eliminate them quickly.

Only a proactive approach can help fortify user privacy and boost online security standards. Online publishers and eCommerce vendors, regardless of their size and geographical location, have to make sure they have the required best practices and monitoring solutions in place to create a secure online domain.


Interested in Namogoo?

Schedule a call with one of our marketing consultants
to learn more

Enhance your digital experience with Namogoo

Schedule a free demo