GameStop just confirmed that customer credit card data was stolen

gamestop pauses powerpass store
GameStop customers, beware. The retailer has confirmed that your credit card information may have been stolen. This weekend, the game purveyor released a statement noting that it “recently received notification from a third party that it believed payment card data from cards used on the GameStop.com website was being offered for sale on a website.” The company assured customers, however, that it hired a “leading security firm” the same day in order to investigate the claims. “GameStop has and will continue to work non-stop to address this report and take appropriate measures to eradicate any issue that may be identified,” the retailer said.

GameStop sent affected customers an email earlier this week, admitting that hackers could have made away with names, addresses, and credit card information from just about anyone who “placed or attempted to place orders on our website from August 10, 2016 to February 9, 2017.”

The email continued, “We are notifying you because you placed or attempted to place an order on www.GameStop.com during this time period using a payment card ending in [number].”

The security blog KrebsOnSecurity actually noted that a breach had taken place as early as April of this year, and reported that information as granular as credit card CVVs (the three-digit security codes on your cards) was compromised. This was particularly concerning because online retailers aren’t supposed to store CVV data, but if hackers have malicious software, they can actually copy the data before it gets encrypted and processed.

Editors' Recommendations