An alleged GameStop security breach is being investigated according to a report on KrebsOnSecurity. The breach appears to stem from the companies online services at GameStop.com that may have compromised customer credit card and personal information.
A GameStop company spokesperson is quoted as saying
GameStop recently received notification from a third party that it believed payment card data from cards used on the GameStop.com website was being offered for sale on a website.
They go on to say
That day a leading security firm was engaged to investigate these claims. GameStop has and will continue to work non-stop to address this report and take appropriate measures to eradicate any issue that may be identified.
According to KrebsOnSecurity, the incident came to light after two sources in the financial industry had reported they received alerts from a credit card processor stating that GameStop.com was likely compromised between mid-September 2016 and the first week of February 2017. GameStop wouldn’t confirm this timeframe or what information may have been accessed as their investigation continues.
It is thought that if the breach did occur, those responsible were able to access customer card number, expiration date, name, address and card verification value (CVV2) the 3 or 4-digit security code printed on credit cards as an extra verification step.
GameStop ends by deflecting ownership onto customers and the card issuing company.
We regret any concern this situation may cause for our customers. GameStop would like to remind its customers that it is always advisable to monitor payment card account statements for unauthorized charges. If you identify such a charge, report it immediately to the bank that issued the card because payment card network rules generally state that cardholders are not responsible for unauthorized charges that are timely reported.
KrebsOnSecurity is run and owned by Brian Krebs, a former Washington Post staffer who has been targeted in high profile DDoS attacks for his work.