GameStop.com customers' credit card information may have been compromised

gamestop pauses powerpass store
GameStop is investigating a possible security breach that may have compromised customers’ credit card and personal information. GameStop admitted it was looking into the breach after KrebsOnSecurity notified the video game seller of potential hacks. Two unnamed sources in the financial industry tipped off the security news site that a credit processor discovered the breach.

In a statement to KrebsOnSecurity, a GameStop spokesperson said, “GameStop recently received notification from a third party that it believed payment card data from cards used on the GameStop.com website was being offered for sale on a website. That day a leading security firm was engaged to investigate these claims. Gamestop has and will continue to work non-stop to address this report and take appropriate measures to eradicate any issue that may be identified.”

At this time, the alleged hacks only apply to GameStop.com, not the company’s  7,000-plus store locations. According to KrebsOnSecurity’s sources, the intrusions took place over a period of nearly five months, from mid-September to early February, but GameStop has not confirmed that timeframe.

KrebsOnSecurity’s sources claim that credit card numbers, names, addresses, and three-digit card verification codes on the backs of cards were potentially exposed and stolen by hackers. Card verification codes, which are used for many online purchases, are encrypted before being sent for processing and are not allowed to be stored by merchants. But with malicious software, hackers can copy the card verification value before it goes through this process.

GameStop also offered advice for anyone potentially affected by the security breach:

“We regret any concern this situation may cause for our customers. GameStop would like to remind its customers that it is always advisable to monitor payment card account statements for unauthorized charges. If you identify such a charge, report it immediately to the bank that issued the card because payment card network rules generally state that cardholders are not responsible for unauthorized charges that are timely reported.”

Since the possible breach allegedly occurred over a number of months which included the holiday season, the number of people affected by it may be significant. It’s unclear how many purchases were made on the website during the five-month period, but we certainly advise that you should watch your credit card transactions carefully.

Editors' Recommendations