GameStop itself has confirmed that they’ve hired a third party to help them investigate a possible breach.
Recently, credit card data from the company’s website has shown up on the DarkWeb, and it is quite detailed, containing not just names, credit card numbers and expirations, but also three-digit CVV codes.
The company has not yet released an official statement concerning the breach, and at this point, the scope and scale of the breach is unknown. Although, given the long timeframe, whatever number the company ultimately releases is bound to be large.
It’s important to note that the breach seems to have been limited to the company’s ecommerce site, and does not seem to have impacted in-store POS (Point of Sale) systems. The telling detail here is the fact that in-store systems do not keep the CVV codes, which are stored by the website.
In any case, if you are a GameStop customer, and especially if you made a purchase between September of last year and February of this year, keep a close watch on your credit card statements for unauthorized transactions. It’s likely that all impacted users will be contacted by GameStop in the weeks ahead with further details and instructions.
Unfortunately, this is but the latest in a seemingly unending stream of high-profile breaches. 2017 is on track to beat 2016 for the highest number of security breaches in the history of the internet, and if the trend holds, then next year will be even bigger. In light of this, if you’ve been thinking of shoring up your own digital security, now is the time.