[Image credit: Hey Poor Player]
When it comes to buying video games, the number one spot most people go to is Gamestop but now the chain retailer is investigating a possible security breach involving both customer's personal data and their credit card information.
Check out when the data was possibly breached below.
Gamestop confirmed the possible breach to Brian Krebs, a prominent computer security journalist.
“GameStop recently received notification from a third party that it believed payment card data from cards used on the GameStop.com website was being offered for sale on a website,” a company spokesman wrote to Krebs.
The company continued by writing, “That day a leading security firm was engaged to investigate these claims. Gamestop has and will continue to work non-stop to address this report and take appropriate measures to eradicate any issue that may be identified.”
Sources close to Kreb speculate that the breach occured during September 2016 and February 2017, and the data stolen may include the customer's card number, expiration date, name, address and card verification value (CVV2). The CVV2 is the 3 digit number on the back of your credit card.
Luckily, this time frame is in the perfect “sweet spot” to be after Nintendo Switch preorders began back in January and before the Nintendo Switch and The Legend of Zelda: Breath of the Wild came out in March. However, some games that did come out during this time frame and would definitely be bought in the masses on the Gamestop website include Gears of War 4, Battlefield 1, Titanfall 2 and Watch Dogs 2.
Krebs confirms on his website that companies aren't supposed to save the CVV2 in the backend of their website which provides speculation that the hacking group that pulled this breach off was taking customer's data as they entered it into the website.
“We regret any concern this situation may cause for our customers,” Game Stop said in its statement. “GameStop would like to remind its customers that it is always advisable to monitor payment card account statements for unauthorized charges. If you identify such a charge, report it immediately to the bank that issued the card because payment card network rules generally state that cardholders are not responsible for unauthorized charges that are timely reported.”
Did you buy anything from the Gamestop website during this time period? Let us know in the comments!