GameStop Pwned? Major Credit Card Breach Suspected

Video game retailer GameStop is looking into reports that its website, gamestop.com, may have been breached and that customer credit-card information may have been stolen. Independent security reporter Brian Krebs first reported the story on his website KrebsOnSecurity.

Credit: Adobe StockCredit: Adobe Stock

“GameStop recently received notification from a third party that it believed payment-card data from cards used on the GameStop.com website was being offered for sale on a website,” a GameStop representative told Krebs. The company representative went on to say that the company had hired a security firm to investigate.

According to Krebs' sources, gamestop.com was compromised sometime between the middle of September 2016 and early February 2017. The stolen data may include credit-card numbers, card expiration dates, names, addresses and 3-gigit CVV security codes.

MORE: What to Do After a Data Breach: A Step-by-Step Guide

If you made a purchase on GameStop's website in that timeframe (or even think that you may have), you should check your last few months worth of credit-card statements, and inspect your most recent activity either online or on the phone. Additionally, you should put a free 90-day credit alert on file with a credit reporting agency: Experian, TransUnion or Equifax. For a full rundown of what to do in a data breach, click here.

GameStop has been fighting an uphill battle as the video-game industry goes increasingly digital, which means fewer gamers need brick-and-mortar stores, and even fewer trade in their old games (GameStop's bread-and-butter is selling used games to new consumers). The company bought ThinkGeek in 2015 to start selling pop-culture merchandise, and also sells phone plans through Cricket Wireless, in an attempt to diversify its offerings.

Create a new thread in the Antivirus / Security / Privacy forum about this subject
This thread is closed for comments
3 comments
    Your comment
  • velocityg4
    Wait! People still shop at Gamestop?!

    Don't they realize they can buy used games on Amazon or eBay for much less with very little risk. Then resell them on the same platforms with little risk. All with a very small net cost. Sure there is some risk. In the long term you will save far more money then you will lose from the occasional scammer. Really the only risk of scam is from buyers making false claims against sellers. eBay/Paypal almost always side with the buyer.
    0
  • AndrewFreedman
    Anonymous said:
    Wait! People still shop at Gamestop?!

    Don't they realize they can buy used games on Amazon or eBay for much less with very little risk. Then resell them on the same platforms with little risk. All with a very small net cost. Sure there is some risk. In the long term you will save far more money then you will lose from the occasional scammer. Really the only risk of scam is from buyers making false claims against sellers. eBay/Paypal almost always side with the buyer.


    They do! GameStop is fighting an uphill battle, but they're still a big name. But that's why they're also moving into toys, merchandise and other tech. Amazon, eBay and even Wal-Mart are threatening their business.
    0
  • ItsHistory
    I would imagine that Gamerstop did not build their payment system all by themselves, and rather rely on a third party.
    Any idea what that is? Because either the third party has been compromised, or GamerStop has been compromised. But if the latter is true, then it means that the third party does not enforce proper and secure integration of their system.
    My point is that I wouldn't blame GamerStop, but rather the payment system they have been using. And while past consumers of GamerShop need worry about their information, any online customer over the net need worry about sites using crappy payment services.
    0