Retailer GameStop has responded to reports that users could view customer information that was not theirs, claiming that no breach occurred and the data seen was "part of a test." The potential leaks come in the wake of poor financial performance for GameStop, having lost 71% of its value, as reported by Bloomberg, since the meme-stock boom nearly two years ago.
GameStop customers may wish to ensure their accounts' security following reports from the Saturday after Black Friday, where users reported being able to view information, including billing addresses and payment history, that did not pertain to them. A Reddit post that has since been removed by the moderation team was seemingly the first account of this alleged leak, which subsequently spread to Twitter before Video Games Chronicle reported on it. Claims included that users were shown "other people's orders," as well as "addresses, birthdays, emails."
Others claimed that each refresh of the website would cycle through another set of customer information that was not their own. Fortunately, it seems that the technical error was exclusive to GameStop's website, as users found the application available on mobile devices to be stable. Video Games Chronicle noted that it had "requested comment from GameStop" and would provide an update upon receiving a response, which is now featured in the same article.
GameStop's Customer Care team stated that any information present that was not the user's "was part of a test," rather than genuine customer data. The team is quoted as having replied that "this was immediately fixed the same day it took place," describing the fake records as "test data created by our teams." However, the update from Video Games Chronicle does mention that an "online search suggests that some of the names and addresses that were shown to customers on its website could match real people," and has queried GameStop once again about this possibility.
Assuming the update provided is the entire response, GameStop has not yet detailed what its "test" was for or why it was conducted on Saturday in-between Black Friday and Cyber Monday of all times. GameStop has instead been rather quiet about the potential leak, with both the associated Twitter account and website not having posted any warning or notice for users since the news first broke. Hopefully, the struggling retailer, currently facing a lawsuit for allegedly violating the California Invasion of Privacy Act, will be able to explain why a "test" was made visible for all users and instill a little more faith in its online security as Cyber Monday comes around.