Support NeoGAF

[Dr. Zoidberg]

I haven't bought anything since 2015. The article makes it sound like the hackers were probably harvesting data at the time of the transaction, hence the CVV2 codes.

 

[RootCause]

2013 was the last time I bought from Gamestop.

I should be safe hopefully

Wait! its just for that time period? Because I've only bought twice from them. Back in Jan 2015(Majors Mask), and recently, March 21.

 

[ElBoxyBrown]

Do the physical stores have the new CC chip readers or old school swipe?

I can't remember, I was there in JAN... first time in years... but it sounds this is online only.

They have the chip readers.

 

[i-Jest]

They would do well to have a 2 step verification feature. Personally, I don't store my CC info.

 

[rainking187]

I last bought something from them in October but I got a new card after the Arby's hack and hadn't updated my card on the site since then, so I should be okay.

 

[Tek]

I used paypal for my Nintendo Switch....hmmm I do have 2 step active on my paypal account though

 

[Persona7]

FUCKING HELL

 

[FX-GMC]

I last bought something from them in October but I got a new card after the Arby's hack and hadn't updated my card on the site since then, so I should be okay.

I had to get a new card near the end of last year from a Wendy's hack. These people need to find better things to do with their time

Spoiler

like rot in jail

 

[tootie923]

Hmm, the last time I bought something from them was in 2015.

 

[Wagram]

Did they get all data or just for a window? Luckily my bank does a free card swipe at any time.

 

[Kawngi]

Ugh, I never shop at GameStop online or retail, but I bought an NES classic from their site as it was the only place I could snag it at the time. Fuckkkkk.

 

[Saint Gregory]

Did you have to buy something during that window or were they able to steal any data stored on the site? I haven't bought anything from them in a while but I saw 2 currently active cards on my account.

 

[LOLCats]

I was never actually able to buy anything from gamestop.com using my debit or cc due to some address mismatch issue.... never have the problem anywhere else so i had to use paypal a couple times in 2015.

blessing in disguise!

 

[tootie923]

Is the best course of action to go ahead and start ordering new cards before the potentially breached ones are used?

I would like to know this too.

 

[Joe Shlabotnik]

For fuck's sake that's when I got an NES Classic off of them and the first time I'd used them in years. Fucking disaster of a company.

 

[GifGafIsTheBestGaf]

thank you GS' shitty policy of not selling to non-US costumers

 

[Dr. Zoidberg]

Wait! its just for that time period? Because I've only bought twice from them. Back in Jan 2015(Majors Mask), and recently, March 21.

Is your card still on file with them? You can go to Account Details -> Payment Methods and see. But it's not clear yet whether the data was harvested from their database or simply at the time of the transaction (i.e. pre-encrypted)

Did you have to buy something during that window or were they able to steal any data stored on the site? I haven't bought anything from them in a while but I saw 2 currently active cards on my account.

I don't think it's clear yet, but if they harvested CVV2 codes it would seem likely they were harvesting at the time of transaction, unless Gamestop was storing the CVV2 codes which would be a big black-eye for them since that is a no-no.

 

[Glitchesarecool]

Paypal likely not affected?

Also why are people who haven't bought from them in years posting here? You don't have to act high and mighty when people's financial information might have been stolen. That's just shitty behavior.

 

[eXMomoj]

This may explain the fraudulent charge I had on my credit card last week...

 

[FlaygletheBagel]

Damn. It's been a rough last few months for Gamestop. Really glad I haven't shopped there in a long time.

 

[Vaev]

I read the summary from OP but I still can't figure out if it's the website and retail or just the website... I recently got a few accessories for my Switch at a retail store, I wanna know if I'm at risk :/

 

[Jayne]

Damn, literally had two unauthorized charges on my debit card last night. I have used that card several times on GameStop's site. I ain't sayin' it's connected for sure.. but that timing..

 

[Tenumi]

Hmm... I did buy something during the time period, but purchased as a guest. Nevertheless, I think I'd be best informing the card owner to keep an eye on it...

 

[ViciousDS]

Do the physical stores have the new CC chip readers or old school swipe?

I can't remember, I was there in JAN... first time in years... but it sounds this is online only.

If it's the physical card number with a security code they can actually force any machine with a combo setup. Where it accepts swipe and chip to accept the swiped

 

[RootCause]

Is your card still on file with them? You can go to Account Details -> Payment Methods and see. But it's not clear yet whether the data was harvested from their database or simply at the time of the transaction (i.e. pre-encrypted)



I don't think it's clear yet, but if they harvested CVV2 codes it would seem likely they were harvesting at the time of transaction, unless Gamestop was storing the CVV2 codes which would be a big black-eye for them since that is a no-no.

I added my card on March 21.

 

[BlueLiquid]

Shit, that's where I got my Switch.

I used my Amazon Prime Visa there though and they just sent me a new one with a new CVV. Is that sufficient or am I going to need a new card?

 

[Rootbeer]

Need to know if Pick Up In Store orders are impacted (when placed online) :/

Ehh timeline is too sketchy for me, I got a new CC and added it on there but I honestly don't remember if that was after Feb or not... and I can't seem to tell which CC was used on specific orders.

Seriously though that is a HUGE window of time. Gamestop dun fucked up.

Having your CC # stolen from a website in 2017 is inexcusable... we need more laws that punish companies that don't properly encrypt that data and protect it. I get that hackers are going to try to break in and sometimes succeed... but they should never be able to find anything in an unsecured state

 

[JayEH]

Ehhh I ordered something there last month but didn't store my card info, would the hackers still have access to my card?

 

[Freezasaurus]

Meh. I haven't shopped at Gamestop since before they sent me a new card anyway.

 

[sturgboski]

Fuck. I don't use GameStop in forever and then the Destiny 2 LE is announced as exclusive to them. I bite the bullet and buy it last week and now this. Thanks Bungie!

 

[Head.spawn]

If my credit card info is stolen from that one time i used that shit website to preorder Steam Link/ Steam Controller as soon as it went up for sale and then they fucked up my order and tried to tell me to wait with my thumb up my butt for another month for it to ship after launch...

I'll seriously rally the squad and egg that place.

 

[Nudull]

I only used Gamestop's site once, but that was with my old card + it was a long time ago. Either way, I should be safe.

 

[Kyrios]

The one and only time I used Gamestop.com was in 2014 and I'm 99% sure it was with a now expired card. Either way this sucks.

 

[Tunesmith]

They have the god damn security code, too? Jesus fuck.

Man in the middle injection on the commerce server. Crazy, effectively a key-logger on the merchant end recording everything before encryption takes place.

Bad bad bad Gamestop.

 

[Instro]

Yeesh, better get a new credit card.

Edit

Oh looks like I might be safe. All my purchases for them recently were with trade credit, and I don't have a CC attached to my account.

 

[Interface23]

This may explain the fraudulent charge I had on my credit card last week...

Me too...

 

[Opt1kon_]

thank goodness I've never ordered online, I will say tho I feel for those who actually do that can definitely be a sucky situation

 

[Fuzzy]

It's where I got my Zelda ME.

 

[JHoNNy1OoO]

I remember buying Hitman when it was 15 from them this past BF. Pretty sure I used PayPal though. Time to double check.

Edit: Yup PayPal saved my butt.

 

[Velikost]

Fuck. Bought several digital codes from them around Black Friday time. Was hoping I paid with PayPal but I didn't.

My bank charges for new cards so I guess I'll just have to watch my account like a hawk for the time being...

 

[ggx2ac]

Does this breach only affect Gamestop.com in the US or does it also affect their other regions around the world?

 

[Elfforkusu]

Noooooooo

... is what I would say, if reporting cc fraud wasn't so easy. Thanks for the heads up, OP, will keep an eye on the account.

 

[diablogod]

My bank called me about fraudulent charges on the debit card that's saved to my GameStop a few days ago . I think the bank blocked them though because I see no activity. Time to get a new debit card I guess.

 

[adamsapple]

and this is why i hesitate saving my card information on websites.

 

[Usobuko]

Don't save cards on any website. The cards I used to buy online stuff have less than $100 bucks in the account and I will get notified if anyone made any payment / transfer. Plus the last time I bought from gamestop was 2014.

So, I'm safe I guess.

 

[big_z]

Don't worry i'm sure you'll be able to trade in your old credit card for a shiny new gamestop rewards* credit card!

 

[Tubie]

Went through my card history and everything looks in order, even tho I made an online purchase during that time frame.

I'll call my bank and order a new card anyway just to be safe.

Considering the dire situation Gamestop is currently in, this is another blow when they are already down.

Can't say I feel too bad for them tho.

 

[Muzicfreq]

Possibly my card was taken because suddenly I had a $16 teespring purchase.

 

[dafodeu]

You can use PayPal on Gamestop glad I always did to avoid these issues. I have bought from their website many times.

 

[The Dear Leader]

Everything I've bought during that time was with a trade credit card or PayPal so I'm good I guess.