KrebsOnSecurity is reporting that GameStop.com may have been hacked, with user information and even credit card data possibly being available to hackers online. According to the report, GameStop.com information was breached some time between the middle of September 2016 and into February of 2017. Online sources are saying that they have the customer data, including credit card information, and are offering it up for sale to others.
“GameStop recently received notification from a third party that it believed payment card data from cards used on the GameStop.com website was being offered for sale on a website,” a company spokesman said to KrebsOnSecurity. “That day a leading security firm was engaged to investigate these claims. Gamestop has and will continue to work non-stop to address this report and take appropriate measures to eradicate any issue that may be identified.”
If these reports are true then anyone who purchased anything from GameStop.com within this time span could have their data compromised. The report states that credit card numbers, billing address, and CVV2 codes were all stolen, which would make it easy for nefarious actors to use these cards to purchase whatever they want.
None of this is confirmed yet, and users should wait until GameStop confirms the hack before taking any drastic action. Still, there are smaller steps that should be taken whenever data may be compromised. Changing your password should be the first step, and if any other websites use the same password, be sure to change that as well.
If you did buy anything on GameStop.com then you should keep an eye on that card, making sure you check for any unauthorized purchases. If you do see anything then be sure to notify your credit card company so that they can issue you a new card that won’t be compromised. Check back for updates as this story develops.