Skip to main content

GameStop Pwned? Major Credit Card Breach Suspected

Video game retailer GameStop is looking into reports that its website, gamestop.com, may have been breached and that customer credit-card information may have been stolen. Independent security reporter Brian Krebs first reported the story on his website KrebsOnSecurity.

Credit: Adobe Stock

(Image credit: Adobe Stock)



“GameStop recently received notification from a third party that it believed payment-card data from cards used on the GameStop.com website was being offered for sale on a website,” a GameStop representative told Krebs. The company representative went on to say that the company had hired a security firm to investigate.

According to Krebs' sources, gamestop.com was compromised sometime between the middle of September 2016 and early February 2017. The stolen data may include credit-card numbers, card expiration dates, names, addresses and 3-gigit CVV security codes.

MORE: What to Do After a Data Breach: A Step-by-Step Guide

If you made a purchase on GameStop's website in that timeframe (or even think that you may have), you should check your last few months worth of credit-card statements, and inspect your most recent activity either online or on the phone. Additionally, you should put a free 90-day credit alert on file with a credit reporting agency: Experian, TransUnion or Equifax. For a full rundown of what to do in a data breach, click here.

GameStop has been fighting an uphill battle as the video-game industry goes increasingly digital, which means fewer gamers need brick-and-mortar stores, and even fewer trade in their old games (GameStop's bread-and-butter is selling used games to new consumers). The company bought ThinkGeek in 2015 to start selling pop-culture merchandise, and also sells phone plans through Cricket Wireless, in an attempt to diversify its offerings.