Barely two weeks after GameStop confirmed that the retail chain was closing 150 outlets around the globe, the company has now posted an official notice that a security breach may have led to customer data being stolen and resold to unknown parties. While this latest potential security breach strictly relates to the company's online storefront rather than its brick-and-mortar outlets, it's safe to say that customers are unlikely to enjoy hearing that their payment information - including credit card numbers, expiration dates, names, and addresses - may have been stolen and sold to unauthorized parties.
Stolen Credit Card Information
According to Krebs on Security, two different sources have indicated that this security breach occurred between September 2016 and February of 2017, a space of time wide enough to indicate that the breach likely involves a significant amount of customers.The stolen information also includes CVV2 credit card information, which online retailers aren't supposed to keep record of.
It's possible that the malicious intruders placed code on the compromised website to obtain this information along with everything else, which isn't unheard of situations like this.
Here's what GameStop had to say on the breach:
GameStop recently received notification from a third party that it believed payment card data from cards used on the Gamestop.com website was being offered for sale on a website. That day a leading security firm was engaged to investigate these claims. GameStop has and will continue to work non-stop to address this report and take appropriate measures to eradicate any issue that may be identified.
For its part, GameStop wouldn't comment on when it believes the potential security breach took place, and didn't state what information may have been stolen. The company advises users to monitor their credit card transaction history closely, and to report any unauthorized purchases if they happen to appear.
Most banks and credit card companies don't hold cardholders responsible for unauthorized transactions, and it's good practice to keep a close eye on one's history anyway - but for GameStop customers, checking this is now more prudent than ever.
The company has undergone some fairly dramatic times since the 2017 calendar year arrived, first witnessing the hardware resurgence of Nintendo with the massive launch of the Nintendo Switch (though even this couldn't save the 150 aforementioned retail outlets), and then ending its long-controversial Circle of Life program that had been forced upon employees. It'll be interesting to see what the latter half of 2017 brings, and what information will come from GameStop's internal investigations into the alleged security breaches.
Have you recently made any purchased on the GameStop website, Ranters? Are you less likely to now?