Gamers may have paid a higher price than they expected when buying goods from GameStop over the holidays. Independent security reporter Brian Krebs says sources in the financial industry are receiving alerts that GameStop.com was “likely compromised by intruders between mid-September 2016 and the first week of February 2017.”
GameStop confirmed to Krebs on Friday that it was investigating a possible breach. The company hired a third-party security company to lead the investigation. The security breach reportedly affects GameStop.com only, and not the systems of the company’s physical retail stores.
It’s not clear how many people are affected, but the type of data stolen is surprisingly detailed, suggesting the site was infected with malware during the breach. Credit card nabbers were able to get away with names, addresses, credit card numbers, expiration dates, and the three-digit card verification values (CVV) on the back of cards.
The presence of the CVVs is what suggests the hackers used malware, according to Krebs, since online retailers are not allowed to store those numbers in their databases. The most likely way to obtain them, then, is by infecting an e-tailer’s site to intercept the information before it’s encrypted and processed.
The impact on you at home: Anyone who bought items from GameStop during the suspected period of the breach should watch their credit card statements closely. If you find any fraudulent charges on your statement report them to your credit card provider immediately. Companies usually don’t hold credit card holders responsible for unauthorized charges—especially if you report them as soon as possible.