If you've shopped on GameStop's online store anytime in the past six months, you might want to keep a close eye on whatever payment method you used. According to a recent report, the store's security measures may have been compromised, resulting in credit card information being stolen.
As was reiterated in a statement from GameStop to KrebsOnSecurity, you should keep an eye on your credit card activity regardless of whether or not you fear your information may have been stolen. But in this case, that goes double, because it looks like there's a pretty good chance that is exactly what happened with information gathered through GameStop's online retailer.
According to the initial report, KrebsOnSecurity contacted GameStop Corp to inform them that it was believed card data used at GameStop.com had been compromised. GameStop has already sought the support of a security firm to look into the matter, and it isn't entirely clear that credit card data was taken, but it's still a troubling situation, if true.
According to KrebsOnSecurity, two separate sources in the financial industry reached out to discuss the possible compromise of GameStop.com. In short, it looks like someone was trying to sell credit card information gathered from the website online, including card numbers, addresses, names and even CVV codes.
The reports state that the breach is expected to have happened between September of 2016 and February of 2017. That's been a pretty busy window for GameStop, including all of the holiday launches like Battlefield 1 and Call of Duty: Infinite Warfare, as well as recent mega-sellers like Horizon: Zero Dawn and the Nintendo Switch and all of its games and accessories. While GameStop didn't exactly have a gangbuster holiday season this year, which is resulting in the potential closing of a couple hundred stores, we imagine they've still been involved in quite a bit of online business through all of those months.
As the story goes, sites like GameStop.com don't hold all of your credit card information and they encrypt whatever is being stored. However, hackers are sometimes able to steal all of that information before it even gets encrypted, as well as that information that usually isn't retained, like the CVV code from the back of your card.
It's unfortunate, but this kind of stuff is becoming more common in this digital age. Online retailers have a responsibility to keep your information safe, but there are folks working constantly to figure out new tricks around every safety measure imaginable. GameStop, for their part, looks to be taking this very seriously, so we expect some sort of statement from their end once the security firm they hired is able to turn up some results.
For the time being, keep an eye on your credit card activity and, if you're still feeling uneasy, request a new card to replace the one you used at GameStop.com.