Skip to main content
close search
site logo
Dive Brief

GameStop e-commerce site 'likely' hacked, card data potentially stolen

Published April 9, 2017
By
Contributor
Chris Potter

Dive Brief:

  • GameStop’s online payment card processing system likely was hacked between mid-September 2016 and the first week of February 2017, according to KrebsOnSecurity, which was told by two financial industry sources that they received alerts to that effect from a credit card processor.

  • The gaming and collectibles retailer confirmed to KrebsOnSecurity that a hack likely had occurred, stating, “GameStop recently received notification from a third party that it believed payment card data from cards used on the GameStop.com website was being offered for sale on a website.” 

  • Among data potentially compromised were customer card numbers, expiration dates, names, addresses and card verification values (CVV2, usually a 3-digit security code printed on the backs of credit cards). E-commerce sites are not supposed to store the CVV2, according to KrebsOnSecurity, but the hack may have resulted in software being put in place to capture that number.

Dive Insight:

GameStop has been on a public rollercoaster ride during the last year. The company was one of the first beneficiaries of the Pokemon Go craze last summer, but after that fad faded, sales fell sharply, and GameStop is now closing about 150 of its stores — yet, the silver lining there is that the retailer is planning on opening more collectibles and technology-focused stores.

However, the likelihood that GameStop suffered a major hacking episode is another low point, and a big one. It follows a year in which we saw the evidence piling up that hacking of online sales sites in very much on the rise, and that many companies have been targeted as well by distributed denial-of-service attacks that disable their sites and cause outages.

The timing is pretty troubling because it appears that the hacking could have occurred during the months constituting the holiday shopping rush. There doesn't seem to be much more information now about how many cards might have been affected, how long the episode lasted and who might have done it. GameStop is getting some credit from some sources for moving quickly to investigate the possible breach, though the retailer clearly didn't say anything publicly about it until Krebs forced its hand.

While hacking episodes increase, a recent survey from Blumberg Capital also suggested the growing problem is not yet affecting online spending. Hearing that may discourage some retailers from acting promptly to better protect themselves and their customers. It's not clear what protections GameStop had in place for its site, but it's apparent they failed this time around.

How many hacking incidents will it take for consumers to care about what's going on, and cut back on their spending? We may eventually find out.

Recommended Reading

Editors' picks

Company Announcements

View all | Post a press release
New Interface Report Reveals Top Security Risks for U.S. Retail Chains
From Interface Systems
November 19, 2024
Guinness is the top beer among high earners: YouGov report
From YouGov America
November 19, 2024
Argon & Co Welcomes New Senior Executive to Lead North American Retail Practice
From Argon & Co
November 13, 2024
RDSolutions Unveils Rebrand and Comprehensive Service Suite to Optimize Retail Performance and…
From RDSolutions
November 05, 2024
Editors' picks
Latest in Operations
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell