Dive Brief:
- Electronics e-retailer Newegg suffered an extortion-based hack Wednesday night that tied up its servers for five hours, the company said.
- Shoppers tweeted out problems on the site just before 8 p.m. EDT, and Newegg acknowledged the issue about a half hour later.
- The hackers demanded an unspecified amount of bitcoin, which Newegg started accepting as payment earlier this year. The retailer didn’t acquiesce to the demands.
Dive Insight:
It’s not clear whether the distributed denial-of-service (DDoS) attack on Newegg was in any way made more likely by its acceptance of bitcoin. But, though the attempt tied up the company’s servers for a good five hours, the hackers got nowhere in the end.
A DDoS attack often targets sites such as retail sites, repeating a menial computer task so many times that it overwhelms networks. The result is a site that is down or so slow that visitors, such as shoppers, find it impossible to use.
Newegg’s COO James Wu said the retailer not only thwarted the attack, but also is taking steps to prevent any such attacks in the future.
“The attackers were blackmailing us for bitcoin,” he told Internet Retailer, though he didn’t specify how much money the hackers were seeking. “We didn’t pay, of course, and we are taking preventative measures against future attacks.”
Retailers will likely see more hacking and fraud attempts in their e-commerce operations as new, more secure chip-enabled cards are increasingly used in stores, experts say.
“Offline merchants are generally prepared because it’s mandated by the credit card companies and they have a big liability shift coming,” Jason Tan, CEO and founder of fraud detection company Sift Science, told Retail Dive. “I don’t think the online merchant is that prepared because human nature is to procrastinate. In other countries the year after the EMV mandate, online merchants saw two times the fraud. That’s a massive massive jump in fraud — so how do you install a defense mechanism so that doesn't keep you up at night?”