GameStop has launched an investigation into a possible security breach after it was alerted that credit card data may have been stolen from the video game retailer's website was put up for sale on the black market.
If the data breach turns out to be true, it would add to the company's recent issues that include the planned closure of almost 150 retail stores and a controversial incentives scheme for GameStop employees.
GameStop Investigating Credit Card Breach Report
GameStop acknowledged that it has launched an investigation into the possible security breach that may have compromised the credit card details of GameStop.com customers.
"GameStop recently received notification from a third party that it believed payment card data from cards used on the GameStop.com website was being offered for sale on a website," a spokesman for the company said in a statement.
The spokesman added that, in the same day, GameStop contact an unnamed security firm to launch an investigation into the claim, and that the company is committed to addressing the problem and solving all issues that may arise from the reported data breach.
GameStop.com Customers' Possible Compromised Data
According to KrebsOnSecurity, two sources from the financial industry were alerted by a credit card processor that hackers compromised GameStop.com between the middle of September 2016 and the first week of February 2017. There is, however, no sign that the physical locations of the retailer were also targeted.
The sources added that the compromised data of customers include credit card numbers, their expiration date, personal details such as names and addresses, and importantly, the card verification values, or CVV2.
Digital stores are not supposed to store CVV2 codes on their platforms, but hackers will be able to steal them by injecting malicious software into the website. This allows them to steal the codes before they are encrypted for processing payments.
"There is a reason companies aren't allowed to store this CVV2 data in their own databases, so the fact that the hackers were able to intercept these security codes elevates the severity of the incident significantly," said Vishal Gupta, CEO of a security firm named Seclore. He added that, if the breach turns out to be true, it could turn out to be "a huge payday" for the hackers who were able to carry it out.
With the CVV2 codes compromised in addition to the rest of the credit card information, hackers can use the credit cards for all forms of online transactions. As such, customers who lodged a transaction through the GameStop.com website are advised to check their credit card statements and monitor their accounts for any unauthorized charges that may appear. If any such charges are discovered, customers should immediately contact their bank.
There are still many unknown factors regarding the case, such as the number of customers that are affected by the security breach and the method that the hackers used to infiltrate and compromise GameStop.com. At the very least, the company did not waste any time in launching an investigation into the matter.