GameStop Investigating Serious Breach Compromising Credit Card Info

Megalith

Megalith

24-bit/48kHz
Staff member
Joined
Aug 20, 2006
Messages
13,000
GameStop is in a pickle, as payment card data originating from the site has been found on the black market. It is possible that their storefront was infected by malware, as the leaked information includes CVV2 codes, which are normally not stored in company databases. If you have bought anything on GameStop.com, you know what to do.

…Gamestop.com was likely compromised by intruders between mid-September 2016 and the first week of February 2017. Those same sources said the compromised data is thought to include customer card number, expiration date, name, address and card verification value (CVV2), usually a 3-digit security code printed on the backs of credit cards. Online merchants are not supposed to store CVV2 codes, but hackers can steal the codes by placing malicious software on a company’s e-commerce site, so that the data is copied and recorded by the intruders before it is encrypted and transmitted to be processed.
 
will this be the death of them? I hope so.. they are multiple open festering maggot infested wounds on the gaming community...
 
The last few years I've normally paid with cash. I can count maybe twice over 10 years paying with debit card. Since I no longer have an account with the bank where the transactions were conducted, no worries for me.
 
I'll be expecting a letter a new card from Chase I guess.
 
Good thing I've not bought anything from them in years. Seriously... Who the hell still goes to a GameStop?
 
trparky said:
Good thing I've not bought anything from them in years. Seriously... Who the hell still goes to a GameStop?
Click to expand...

They're the only retail video game store around me so they're good for purchasing some obscure title or maybe grabbing some quick accessories when you don't have time to wait for shipping. My Best Buy barely keeps any title older than 4 years on the shelves. I traded in a self repaired original 3DS and got $125 in credit towards a New 3DS, that was a pretty solid deal right there. Same with my PS4 for a PS4 Pro.
 
YeuEmMaiMai said:
will this be the death of them? I hope so.. they are multiple open festering maggot infested wounds on the gaming community...
Click to expand...

What this should be is the death-knell of manually-entered credit card information that isn't accompanied by Multi-Factor Authentication, preferably an option between an authenticator or a text. Also, in-person transactions should be accompanied by a pin like debit cards are.

The best defense against CC information theft would be if stolen CC information had no chance of resulting in actual theft what-so-ever.
 
What we should be doing is urging more brick and mortar stores to be accepting payment options like Apple Pay, Android Pay, Samsung Pay, and the like. That way we don't give our actual credit card numbers to a retailer but instead a one-time-use-only random credit card number often referred to as Payment Tokenization.

Another thing is that we should be urging the credit card industry of the United States to move to chip-and-PIN as versus the incredibly insecure chip-and-sign method that we have now. Europe has had chip-and-PIN for years and their credit card fraud numbers are tiny fraction of what we have in the US. The only reason why the US went chip-and-sign was because they were freakin' lazy.
 
Last edited:
Another death blow to Gamestop... it's time for these companies to invest in better online security.
 
I buy my games from Amazon.com and with most of them being 1 day delivery I do not even have to go out of the house to get them.
 
Had a fairly sizable fraudulent charge on one of my credit cards last week. I purchased my PS4 Pro from GameStop with the same credit card in November of last year.

This pretty much explains how that happened. Luckily I didn't have to cover any of the fraudulent charge and the credit card was closed right after I got the purchase alert.
 
What a PITA. GS is already a divisive retailer in the gaming community & this isn't going to help them. Saddest part is that I only heard about this here, not like GS directly sent out notifications to all their customers.
 
trparky said:
What we should be doing is urging more brick and mortar stores to be accepting payment options like Apple Pay, Android Pay, Samsung Pay, and the like. That way we don't give our actual credit card numbers to a retailer but instead a one-time-use-only random credit card number often referred to as Payment Tokenization.

Another thing is that we should be urging the credit card industry of the United States to move to chip-and-PIN as versus the incredibly insecure chip-and-sign method that we have now. Europe has had chip-and-PIN for years and their credit card fraud numbers are tiny fraction of what we have in the US. The only reason why the US went chip-and-sign was because they were freakin' lazy.
Click to expand...

God it frustrates me when I see a store that accepts mobile payments only for them to have a sign on the machine saying it doesn't work. FFS!
 
trparky said:
What we should be doing is urging more brick and mortar stores to be accepting payment options like Apple Pay, Android Pay, Samsung Pay, and the like. That way we don't give our actual credit card numbers to a retailer but instead a one-time-use-only random credit card number often referred to as Payment Tokenization.

Another thing is that we should be urging the credit card industry of the United States to move to chip-and-PIN as versus the incredibly insecure chip-and-sign method that we have now. Europe has had chip-and-PIN for years and their credit card fraud numbers are tiny fraction of what we have in the US. The only reason why the US went chip-and-sign was because they were freakin' lazy.
Click to expand...

A lot of places don't even let you use the chip
 
Gamestop.jpg
 
Galvin said:
A lot of places don't even let you use the chip
Click to expand...

Most places I see have a cover over it that says "broken, swipe only". Not sure there are really that many bad readers out there or is there some fee that is being charged for the chip transaction?
 
Galvin said:
A lot of places don't even let you use the chip
Click to expand...
idk seems like the chip caught on here in the past year. Even the hole in the wall Chinese take out uses the chip. I do hate them tho. Some are so slow to read the chip that I could write out a check faster.
 
I might be concerned if I ever shopped there.

I do shop at Target however, and their massive hack didn't really scare me too much. Got a new CC in the mail anyway. Most of the fraudulent charges on my cards have either been internet based ones (I suspect Buy.com got me, but they're no longer around), or stolen mag swipe at stores/restaurants while traveling. Not much control over that. But all kinds of random BS shows up on my statement right after I take a trip, I know something's up. I mean, who spends $2k at a Sunglass hut? The Mrs got a taste of this not too long ago, had to be a mag swipe at a random eatery that resulted in $3k purchase at a Kroger. She was like, who can spend $3k at a grocery store? Gift cards, that's how.

In the end, the CC companies take off the charges if you ask nicely, you get a new card and you move on. Now a good friend of mine uses his DEBIT card everywhere and won't listen to reason. But he's been doing it for years and apparently hasn't had a problem. Pure luck I guess. But debit cards are NOT credit cards, and fraud charges cannot easily be fought or refunded. Depends on your bank.
 
Greeeaaat, that black friday deal on Deus Ex: MD might not have been such a good deal after all. If my card was compromised I guess that's what I get for breaking my rule about buying from GS.

I wonder if a possible infection is why the site was acting strange that day and only letting people check out as guests. BF would certainly be a good time to steal CC numbers from a site like that, especially with some of the deals they had.
 
If your going to use a card use a credit card with good fraud protection. Never use your debit card!
 
You must log in or register to reply here.
Back
Top