Video game retailer GameStop Corporation suspects its website Gamestop.com has fallen victim to data breach. The company has confirmed this suspicion to KrebsOnSecruity, a web security blog. A company spokesman says they have received information from a third party that credit card details of Gamestop.com shoppers are supposedly being sold on a separate website.

In a statement to Krebs, GameStop says they have engaged the services of a security firm to validate data breach claims on the very day they received such information. GamesStop has assured their customers that they are on top of the issue and would take appropriate actions to address the supposed data breach.

According to Krebs they learned of this supposed GameStop data breach through two insiders in the financial industry. The sources claim customer data stolen from the Gamestop.com website include credit card numbers, addresses and expiration dates. Krebs also says the three-digit security codes (CVV2) found at the rear side of the credit cards was also stolen. Online stores are never supposed to store CVV2s. However hackers have malicious software to copy and store these data before they are encrypted and later processed.

The same financial industry sources say they have been notified by a credit card processing company that GameStop.com was most likely to have fallen victim to hackers between the middle of September 2016 up to the first week of February 2017. GameStop however would not confirm the possible transaction months covered by the data breach or would they comment on what customer data could have been stolen from their website.

In a statement relayed to Krebs, GameStop said they regret any repercussions this data breach issue may cause to their customers. The statement also included a reminder to customers to always make sure to monitor their credit card statements of account for any possible unauthorized charges. The retail company advised customers to immediately inform the bank that issued their credit card for any unauthorized charges. There is a rule that credit card holders should not claim responsibility for unauthorized credit card charges. This rule takes effect only when such charges are reported within a specified timeframe.

GameStop Corp is a video game, electronics and wireless services retail based in Grapevine, Texas. The company was reported to have generated in 2016 a total revenue of more than $8.6 billion. It operates 7,117 retail stores spread across the United States, Europe, Canada, New Zealand and Australia. According to Alexa.com, a web site statistics provider, GamesStop.com ranks 269 in the list of the most popular websites in the US.

So far there are no signs that show GameStop retail stores have also been victims of data breach. 

Martin Mann

Writer at Data Breach HQ
Martin Mann

Latest posts by Martin Mann (see all)