GameStop Investigating Potential Website Security Breach

GameStop Black

Latest News

GameStop Investigating Potential Website Security Breach

April 8, 2017

By: Robert N. Adams


GameStop is investigating a potential security breach in that may have resulted in customer credit card data being compromised as reported by Krebs On Security.

Two sources in the financial services industry have reported to Krebs On Security that the breach was purported to have happened within the window of mid-September 2016 and the first week of February 2017. GameStop itself had the breach brought to its attention when a third party notified them that credit card data (noted as having been collected from their website) was being offered for sale on a website.

The compromised data is thought to include the credit card number, expiration data, name, address, and - most critically - the card verification value (CVV2). Typically, a CVV2 is a three-digit code printed on the back of cards as an additional layer of security against fraud. Websites typically refrain from storing this data, but the injection of malicious code into a website could copy the CVV2 number as its entered and pass it along to nefarious third parties.

As soon as GameStop was notified of the breach, the company hired an unnamed security firm to investigate the breach and remedy any potential issues that may result from it according to a statement released by the company. Additionally, they advised customers to report any potentially fraudulent transactions to the card issuer. Card issuers generally do not hold cardholders responsible for fraudulent transactions as long as they reported promptly.


As far as Krebs On Security's research goes, there haven't been any reports of retail locations being compromised in this manner; the breach is thought to be focused on purchases made through the website. If you've bought something from between September 2016 and February 2017, it might be a good idea to keep an eye on your transactions for the near future.

Did you make any purchases on GameStop's website during the affected timeframe? Do you think the company is addressing this potential data breach in a satisfactory way? Let us know in the comments below!

A photograph of Robert N Adams
Senior Writer

I've had a controller in my hand since I was 4 and I haven't stopped gaming since. CCGs, Tabletop Games, Pen & Paper RPGs - I've tried a whole bunch of stuff over the years and I'm always looking to try more!