• Hey, guest user. Hope you're enjoying NeoGAF! Have you considered registering for an account? Come join us and add your take to the daily discourse.

Gamestop.com Investigating Possible Breach

Link.

Video game giant GameStop Corp. says it is investigating reports that hackers may have siphoned credit card and customer data from its website — gamestop.com. The company acknowledged the investigation after being contacted by KrebsOnSecurity.

“GameStop recently received notification from a third party that it believed payment card data from cards used on the GameStop.com website was being offered for sale on a website,” a company spokesman wrote in response to questions from this author.

“That day a leading security firm was engaged to investigate these claims. Gamestop has and will continue to work non-stop to address this report and take appropriate measures to eradicate any issue that may be identified,” the company’s statement continued.

Two sources in the financial industry told KrebsOnSecurity that they have received alerts from a credit card processor stating that Gamestop.com was likely compromised by intruders between mid-September 2016 and the first week of February 2017.

Those same sources said the compromised data is thought to include customer card number, expiration date, name, address and card verification value (CVV2), usually a 3-digit security code printed on the backs of credit cards.

Online merchants are not supposed to store CVV2 codes, but hackers can steal the codes by placing malicious software on a company’s e-commerce site, so that the data is copied and recorded by the intruders before the data is encrypted and transmitted to be processed.

GameStop would not comment on the possible timeframe of the suspected breach, or say what types of customer data might be impacted.

Based in Grapevine, Texas, GameStop generated more than $8.6 billion in revenue in 2016, although it’s unclear how much of that came through the company’s Web site. GameStop operates more than 7,000 retail stores through the United States, Canada, Australia, New Zealand and Europe. There is currently no indication that the company’s retail store locations may have been affected.

According to Web site statistics firm Alexa.com, Gamestop.com is the 269th most popular Web site in the United States.

“We regret any concern this situation may cause for our customers,” Game Stop said in its statement. “GameStop would like to remind its customers that it is always advisable to monitor payment card account statements for unauthorized charges. If you identify such a charge, report it immediately to the bank that issued the card because payment card network rules generally state that cardholders are not responsible for unauthorized charges that are timely reported.”

Close if old.
 
Luckily i never bought anything from Gamestop in my life and never will.

But such a data going out always sucks for costumers.
 

Soroc

Member
Man I'm really happy I haven't bought anything from Gamestop in several years. Sorry for those that might be compromised, make sure to keep tabs on your CCs and check sites like haveibeenpwned.com
 

spons

Member
You might have to use a prepaid credit card for sites like this where security is a sideshow (or more likely a shitshow).
 
Gamestop's user management system is so shitty I can't even log in to my legitimately owned account, so I can't imagine a hacker being able to do it either.

That's some next level shit.

I've never successfully bought anything from Gamestop.com, though I did buy a Nintendo 3DS from the store a few years ago. The onyl time I ever used gamestop.com, though, of course, was for the Nintendo NES Classic, which I "bought" was charged for, and then Gamestop canceled the order before shipping. Naturally... It was November 2016, so I'm probably fucked. Goddamnit. Gamestop took the order, charged me, never shipped the item, and then after Christmas canceled the order with no explanation and refunded me... Basically getting an interest free loan from me for a month and ruined my sister's Christmas gift from me. Makes perfect sense that their shoddy web security, to go along with every other second-rate anticonsumer bull shit that they do would get hacked and give up fucking CVV2 details.

*edit*

Oooh, maybe I used paypal. Good thinking ViciousDS.

Oh, thank god, I used PayPal.
 

Neptonic

Member
I read this as GameSpot and freaked out that my GiantBomb subscription payment information was part of this.
Thank god I don't buy games at GameStop
 
Of course the only time I've ordered something from them in the last 10 years happens to fall right in the middle of those dates.
 

dgco86

Member
I'm probably still screwed if I placed a preorder for something in January and was charged for it in March, right? -_-
 

Shmuppers

Member
I've made the switch to walmart/target for games. Something always goes wrong when I try to buy something at Gamestop.
 
Amazing, the hackers got something out of Gamestop without being asked if they want to preorder.

I guess Gamestop passed up the 2 year credit card data protection plan in case of cracks.

Hackers attempted to steal encrypted information, but unfortunately the only copy Gamestop had left was unencrypted.
 

Cody_D165

Banned
As a credit union employee I look forward to yet another round of replacement debit cards and disputed charges thanks to a merchant who doesn't have their shit together.

-_-
 

Tubie

Member
for fucks sake

I bought something from them during the black Friday sale, so this probably affects me as well.
 

mindatlarge

Member
Last thing I bought from GameStop in many years was a Switch. But that was in-store, so I should be good, hopefully. Hope it works out for everyone else. This sort of thing sucks.
 
I've purchased stuff in store but only one thing online and that was with paypal. This kind of stuff makes personal security basically useless. No need to inconvenience yourself when the merchants are just basically pinatas for criminals.
 
Those same sources said the compromised data is thought to include customer card number, expiration date, name, address and card verification value (CVV2), usually a 3-digit security code printed on the backs of credit cards.

They have the god damn security code, too? Jesus fuck.
 

nicanica

Member
So are the hackers going to repackage the cards and resell them?

Or allow you to get the info back by trading in 7 credit cards in return?
 

jony_m

Member
Do the physical stores have the new CC chip readers or old school swipe?

I can't remember, I was there in JAN... first time in years... but it sounds this is online only.
 
Top Bottom