GameStop Investigating Serious Breach Compromising Credit Card Info

Megalith

24-bit/48kHz
Staff member
Joined
Aug 20, 2006
Messages
13,003
GameStop is in a pickle, as payment card data originating from the site has been found on the black market. It is possible that their storefront was infected by malware, as the leaked information includes CVV2 codes, which are normally not stored in company databases. If you have bought anything on GameStop.com, you know what to do.

…Gamestop.com was likely compromised by intruders between mid-September 2016 and the first week of February 2017. Those same sources said the compromised data is thought to include customer card number, expiration date, name, address and card verification value (CVV2), usually a 3-digit security code printed on the backs of credit cards. Online merchants are not supposed to store CVV2 codes, but hackers can steal the codes by placing malicious software on a company’s e-commerce site, so that the data is copied and recorded by the intruders before it is encrypted and transmitted to be processed.
 

YeuEmMaiMai

Fully [H]
Joined
Jun 11, 2004
Messages
31,880
will this be the death of them? I hope so.. they are multiple open festering maggot infested wounds on the gaming community...
 

AceGoober

Live! Laug[H]! Overclock!
Joined
Jun 25, 2003
Messages
24,570
The last few years I've normally paid with cash. I can count maybe twice over 10 years paying with debit card. Since I no longer have an account with the bank where the transactions were conducted, no worries for me.
 

NickJames

Supreme [H]ardness
Joined
Apr 28, 2009
Messages
6,690
I'll be expecting a letter a new card from Chase I guess.
 

trparky

Gawd
Joined
Jul 23, 2009
Messages
971
Good thing I've not bought anything from them in years. Seriously... Who the hell still goes to a GameStop?
 

NickJames

Supreme [H]ardness
Joined
Apr 28, 2009
Messages
6,690
Good thing I've not bought anything from them in years. Seriously... Who the hell still goes to a GameStop?

They're the only retail video game store around me so they're good for purchasing some obscure title or maybe grabbing some quick accessories when you don't have time to wait for shipping. My Best Buy barely keeps any title older than 4 years on the shelves. I traded in a self repaired original 3DS and got $125 in credit towards a New 3DS, that was a pretty solid deal right there. Same with my PS4 for a PS4 Pro.
 

arentol

2[H]4U
Joined
Jun 15, 2004
Messages
2,712
will this be the death of them? I hope so.. they are multiple open festering maggot infested wounds on the gaming community...

What this should be is the death-knell of manually-entered credit card information that isn't accompanied by Multi-Factor Authentication, preferably an option between an authenticator or a text. Also, in-person transactions should be accompanied by a pin like debit cards are.

The best defense against CC information theft would be if stolen CC information had no chance of resulting in actual theft what-so-ever.
 

trparky

Gawd
Joined
Jul 23, 2009
Messages
971
What we should be doing is urging more brick and mortar stores to be accepting payment options like Apple Pay, Android Pay, Samsung Pay, and the like. That way we don't give our actual credit card numbers to a retailer but instead a one-time-use-only random credit card number often referred to as Payment Tokenization.

Another thing is that we should be urging the credit card industry of the United States to move to chip-and-PIN as versus the incredibly insecure chip-and-sign method that we have now. Europe has had chip-and-PIN for years and their credit card fraud numbers are tiny fraction of what we have in the US. The only reason why the US went chip-and-sign was because they were freakin' lazy.
 
Last edited:

StryderxX

[H]ard|Gawd
Joined
Jun 22, 2006
Messages
1,628
Another death blow to Gamestop... it's time for these companies to invest in better online security.
 

YeuEmMaiMai

Fully [H]
Joined
Jun 11, 2004
Messages
31,880
I buy my games from Amazon.com and with most of them being 1 day delivery I do not even have to go out of the house to get them.
 

exlink

Supreme [H]ardness
Joined
Dec 16, 2006
Messages
6,049
Had a fairly sizable fraudulent charge on one of my credit cards last week. I purchased my PS4 Pro from GameStop with the same credit card in November of last year.

This pretty much explains how that happened. Luckily I didn't have to cover any of the fraudulent charge and the credit card was closed right after I got the purchase alert.
 

Miah

n00b
Joined
Nov 21, 2013
Messages
41
What a PITA. GS is already a divisive retailer in the gaming community & this isn't going to help them. Saddest part is that I only heard about this here, not like GS directly sent out notifications to all their customers.
 

NickJames

Supreme [H]ardness
Joined
Apr 28, 2009
Messages
6,690
What we should be doing is urging more brick and mortar stores to be accepting payment options like Apple Pay, Android Pay, Samsung Pay, and the like. That way we don't give our actual credit card numbers to a retailer but instead a one-time-use-only random credit card number often referred to as Payment Tokenization.

Another thing is that we should be urging the credit card industry of the United States to move to chip-and-PIN as versus the incredibly insecure chip-and-sign method that we have now. Europe has had chip-and-PIN for years and their credit card fraud numbers are tiny fraction of what we have in the US. The only reason why the US went chip-and-sign was because they were freakin' lazy.

God it frustrates me when I see a store that accepts mobile payments only for them to have a sign on the machine saying it doesn't work. FFS!
 

Galvin

2[H]4U
Joined
Jan 22, 2002
Messages
2,697
What we should be doing is urging more brick and mortar stores to be accepting payment options like Apple Pay, Android Pay, Samsung Pay, and the like. That way we don't give our actual credit card numbers to a retailer but instead a one-time-use-only random credit card number often referred to as Payment Tokenization.

Another thing is that we should be urging the credit card industry of the United States to move to chip-and-PIN as versus the incredibly insecure chip-and-sign method that we have now. Europe has had chip-and-PIN for years and their credit card fraud numbers are tiny fraction of what we have in the US. The only reason why the US went chip-and-sign was because they were freakin' lazy.

A lot of places don't even let you use the chip
 

Etherton

Will Bang for Poof
Joined
Aug 7, 2006
Messages
6,997
Gamestop.jpg
 

Darunion

Supreme [H]ardness
Joined
Oct 6, 2010
Messages
4,541
A lot of places don't even let you use the chip

Most places I see have a cover over it that says "broken, swipe only". Not sure there are really that many bad readers out there or is there some fee that is being charged for the chip transaction?
 

vegeta535

[H]F Junkie
Joined
Jul 19, 2013
Messages
9,998
A lot of places don't even let you use the chip
idk seems like the chip caught on here in the past year. Even the hole in the wall Chinese take out uses the chip. I do hate them tho. Some are so slow to read the chip that I could write out a check faster.
 

Burticus

Supreme [H]ardness
Joined
Nov 7, 2005
Messages
4,793
I might be concerned if I ever shopped there.

I do shop at Target however, and their massive hack didn't really scare me too much. Got a new CC in the mail anyway. Most of the fraudulent charges on my cards have either been internet based ones (I suspect Buy.com got me, but they're no longer around), or stolen mag swipe at stores/restaurants while traveling. Not much control over that. But all kinds of random BS shows up on my statement right after I take a trip, I know something's up. I mean, who spends $2k at a Sunglass hut? The Mrs got a taste of this not too long ago, had to be a mag swipe at a random eatery that resulted in $3k purchase at a Kroger. She was like, who can spend $3k at a grocery store? Gift cards, that's how.

In the end, the CC companies take off the charges if you ask nicely, you get a new card and you move on. Now a good friend of mine uses his DEBIT card everywhere and won't listen to reason. But he's been doing it for years and apparently hasn't had a problem. Pure luck I guess. But debit cards are NOT credit cards, and fraud charges cannot easily be fought or refunded. Depends on your bank.
 

Ebernanut

[H]ard|Gawd
Joined
Dec 15, 2010
Messages
1,695
Greeeaaat, that black friday deal on Deus Ex: MD might not have been such a good deal after all. If my card was compromised I guess that's what I get for breaking my rule about buying from GS.

I wonder if a possible infection is why the site was acting strange that day and only letting people check out as guests. BF would certainly be a good time to steal CC numbers from a site like that, especially with some of the deals they had.
 

Rev Lemmon

Limp Gawd
Joined
Dec 17, 2006
Messages
268
If your going to use a card use a credit card with good fraud protection. Never use your debit card!
 
Top