# GameStop.com was hacked and credit card info was stolen



## Jao Chu (Apr 9, 2017)

There is already a thread discussing this here


----------



## RemixDeluxe (Apr 10, 2017)

Jao Chu said:


> There is already a thread discussing this here


I don't know why it's not making the front page of the site. This is pretty concerning and more people should know about this.


----------



## RemixDeluxe (Apr 10, 2017)

@Chary 

What do you think?


----------



## Chary (Apr 10, 2017)

RemixDeluxe said:


> I don't know why it's not making the front page of the site. This is pretty concerning and more people should know about this.


Use an image, uploaded, not hot linked, in the center, hit enter for space, add a summary of what's newsworthy, and the source (try to be direct, like a company statement, not from another site like IGN), check the formatting how a news post works. I saw this news yesterday when it was rumored, but for goodness sakes, I need breaks too, I'm busy right now, and hawkishly watching news every day gets tiring. I'll promote it if someone makes a competent thread.

--------------------- MERGED ---------------------------



CeeDee said:


> We don't have room on the front page for both a hack of a major game distributor revealing credit card info, and Trails of Cold Steel games on PC.


Make the post yourself then, if you have such an attitude about it. You clearly are still bothered by the news on this site, despite not even understanding the process here. Your salt-show isn't even amusing.


----------



## RustInPeace (Apr 10, 2017)

It dawned on me that this may have been the reason my bank issued a new debit card to me, the generic message was "possible compromise," to paraphrase. I didn't notice any shady transactions on my bank account, so I'm not sure if this actually affected me. I only made one Gamestop.com purchase, ever, but it falls under that time period. The card I used then has since been closed, so I'm safe, but wow.


----------



## RemixDeluxe (Apr 10, 2017)

Chary said:


> Use an image, uploaded, not hot linked, in the center, hit enter for space, add a summary of what's newsworthy, and the source (try to be direct, like a company statement, not from another site like IGN), check the formatting how a news post works. I saw this news yesterday when it was rumored, but for goodness sakes, I need breaks too, I'm busy right now, and hawkishly watching news every day gets tiring. I'll promote it if someone makes a competent thread.
> 
> --------------------- MERGED ---------------------------
> 
> ...


I never understood how it worked till now how news is handled. I'll try to fix it up as best as I can but I'm only doing this just because I feel more should be informed before this gets out of hand. Its already affected a close friend of mine whom is in the process now of getting the card replaced.


----------



## linuxares (Apr 10, 2017)

I kind of wish stores stopped storing credit cards. They should be deleted after the pay period is over.


----------



## RemixDeluxe (Apr 10, 2017)

linuxares said:


> I kind of wish stores stopped storing credit cards. They should be deleted after the pay period is over.


That wasn't their doing. Hackers installed software which sent over the data before it was encrypted and processed for purchasing. I'm wondering why this wasn't discovered sooner if this has been going since September.


----------



## linuxares (Apr 10, 2017)

RemixDeluxe said:


> That wasn't their doing. Hackers installed software which sent over the data before it was encrypted and processed for purchasing. I'm wondering why this wasn't discovered sooner if this has been going since September.


Ah sorry, so it was a malware attack. How the heck could it get so deep?


----------



## Sheimi (Apr 10, 2017)

Glad I never made purchases during that time


----------



## Sonic Angel Knight (Apr 10, 2017)

This is why i hate online purchases, i only ever buy from the local store, never online. Only time i buy online is if i can't reach local. Still i never store my credit card info. Not on psn, not on eshop, not on steam, not on anything!

Don't ever store your card info, even if you want easy transactions, just don't please!


----------



## Joe88 (Apr 10, 2017)

bought from them but used paypal so i'm fine


----------



## Sonic Angel Knight (Apr 10, 2017)

Joe88 said:


> bought from them but used paypal so i'm fine


Or do like this guy did, use paypal


----------



## Mr. Wizard (Apr 10, 2017)

I don't give my money to gamestop, they suck, I hope they crash and burn.


----------



## Kevinpuerta (Apr 10, 2017)

Its on front page


----------



## DKB (Apr 10, 2017)

Final nail in the coffin.


----------



## hobbledehoy899 (Apr 10, 2017)

Good thing my sister got Pokémon Moon from GameStop physically. (^;


----------



## Alkéryn (Apr 10, 2017)

Well the only place on internet that have my credit card info is paypal
I'm not giving it to anything else


----------



## hobbledehoy899 (Apr 10, 2017)

Alkéryn said:


> Well the only place on internet that have my credit card info is paypal


Even that is too much.


----------



## Alkéryn (Apr 10, 2017)

hobbledehoy899 said:


> Even that is too much.


Well this is the minimal you can do to allow online transaction


----------



## hobbledehoy899 (Apr 10, 2017)

Alkéryn said:


> Well this is the minimal you can do to allow online transaction


Input your number manually each time.


----------



## the_randomizer (Apr 10, 2017)

Good thing I haven't bought anything from them in nearly a year   Sucks but isn't surprising.


----------



## WiiUBricker (Apr 10, 2017)

No wonder Switches were sold out. Hackers were purchasing them for themselves.


----------



## Alkéryn (Apr 10, 2017)

hobbledehoy899 said:


> Input your number manually each time.


Not way safer, MITM attack is still possible
Better using paypal


----------



## RemixDeluxe (Apr 10, 2017)

hobbledehoy899 said:


> Input your number manually each time.


The information is compromised from the moment the information is processed. Whether you save your card data or not makes no difference.


----------



## Alkéryn (Apr 10, 2017)

RemixDeluxe said:


> The information is compromised from the moment the information is processed. Whether you save your card data or not makes no difference.


Exactly


----------



## hobbledehoy899 (Apr 10, 2017)

RemixDeluxe said:


> The information is compromised from the moment the information is processed. Whether you save your card data or not makes no difference.


Eh, it's still something.


----------



## RemixDeluxe (Apr 10, 2017)

hobbledehoy899 said:


> Eh, it's still something.


The only concern with saving card info is if you share your account, having an easy password, or installed a keylogger. But that isn't the case with what happened here.

It should go without saying to keep your passwords not the same across multiple accounts especially email. If one site gets breached of account login info then that's only one place to worry about rather than dozens.


----------



## Ev1l0rd (Apr 10, 2017)

I don't even have GameStop in my country lol. 

Here we have Intertoys (mostly physical toys, but their games section is alright), Bart Smit (solely games and physical toys, no gaming merch aside from amiibo and skylander toys) and Game Mania (used games and merchandise). Unless you order online, then bol.com is the king.


----------



## leon315 (Apr 10, 2017)

well, i heard GS finance went RED last fiscal year, sounds like a piss of internal conspiracy.


----------



## naddel81 (Apr 10, 2017)

good thing that I used PayPal on that moronic site!


----------



## death360 (Apr 10, 2017)

Good thing I don't buy shit from them.


----------



## Windaga (Apr 10, 2017)

Yikes. The only thing I bought from them during that time period was actually purchased with a prepaid Gift card, so I'm good but still, that really sucks.


----------



## Lumince (Apr 10, 2017)

Ouch... That could have explained why I had to get a new card then... Money just poofed out of no where... Dirty peasants... Not shopping at gamestop anymore...


----------



## chartube12 (Apr 10, 2017)

RemixDeluxe said:


> That wasn't their doing. Hackers installed software which sent over the data before it was encrypted and processed for purchasing. I'm wondering why this wasn't discovered sooner if this has been going since September.




It only took target and best buy having cc info stored in plan text and getting hacked for the us to use chipped cards. Meanwhile EU has had them for decade at least!

Btw US government. You may have made it mandatory for every non-store card to be chipped and have a chip reader, but you left a loop hole wide open. The bill doesn't require the chip readers to actually be turned on. Wawa for example has the readers, but doesn't have them enabled. I was talking with one of their managers, their chip readers probably will never be turned on. The wawa corporation believes the chip readers will slow down purchases too much for them and they will lose business. Don't use the chip and your transaction isn't encrypted on the cards end. I hope wawa is at least encrypting them on thier end.

For those who don't know. The chips on the credit/debit cards generates a random card number each time the chip is used. that number is linked to your real card number. Further more the randomly generated number and the transaction are also encrypted. The random number expires for use in 24 to 48 hours.

Not sure why online transaction systems are not mandatory encrypted in a simular matter, other then laziness and cheapness. Visa and MasterCard are right, their is no reason in today's technological world, why stores need to know, see and use your real card number(s).


----------



## xile6 (Apr 10, 2017)

Sonic Angel Knight said:


> This is why i hate online purchases, i only ever buy from the local store, never online. Only time i buy online is if i can't reach local. Still i never store my credit card info. Not on psn, not on eshop, not on steam, not on anything!
> 
> Don't ever store your card info, even if you want easy transactions, just don't please!


Never heard of target?

They have everyone card information stolen at the swiper. Was something that all data got sent somewhere else before it went to there bank


----------



## Pacheko17 (Apr 10, 2017)

Lol I can't even buy from them


----------



## chartube12 (Apr 10, 2017)

xile6 said:


> Never heard of target?
> 
> They have everyone card information stolen at the swiper. Was something that all data got sent somewhere else before it went to there bank



The data waa also stored in plan text files in both the servers and instore PCs. Effectively, target was completely neglectful


----------



## xile6 (Apr 10, 2017)

chartube12 said:


> The data waa also stored in plan text files in both the servers and instore PCs. Effectively, target was completely neglectful


Yea reason i never shop there. Its always something wrong. From items being mislabled to infor beong stolen. Etc...


----------



## DavidRO99 (Apr 10, 2017)

Alkéryn said:


> Well the only place on internet that have my credit card info is paypal
> I'm not giving it to anything else


I dont have my CC anywhere, not even Steam or PayPal, the only way I get money on PayPal is add cc, add money, remove cc, done. Im sorry for anybody that got affected by this


----------



## Mr. Wizard (Apr 10, 2017)

Holy shit, is "Guaranteed Fraud Protection" not a thing where you people live?  I mean, every CC here "TD/AMEX/CAPONE" has it and bloody VISA themselves offer "ZERO LIABILITY".

https://www.visa.ca/en_CApay-with-visa/security.html


----------



## RemixDeluxe (Apr 10, 2017)

Mr. Wizard said:


> Holy shit, is "Guaranteed Fraud Protection" not a thing where you people live?  I mean, every CC here "TD/AMEX/CAPONE" has it and bloody VISA themselves offer "ZERO LIABILITY".
> 
> https://www.visa.ca/en_CApay-with-visa/security.html


This is coming from a retailer that doesn't offer free shipping on $100+ orders. Of course not.


----------



## Mr. Wizard (Apr 10, 2017)

DavidRO99 said:


> I dont have my CC anywhere, not even Steam or PayPal, the only way I get money on PayPal is add cc, add money, remove cc, done. Im sorry for anybody that got affected by this


LOL you can remove it all you want.. It's still in their records.  And a lot of places keep those records for a long time.


----------



## Yepi69 (Apr 10, 2017)

Power to the players indeed.


----------



## Deleted member 408979 (Apr 10, 2017)

gamestop dun goofed.

Stores are closing...

Credit cards being hacked...

its going the way of the blockbuster.

I hope i can go to the us when all the shops in texas close so i can get really cheap games at clearance sales.


----------



## Kioku_Dreams (Apr 10, 2017)

hobbledehoy899 said:


> Input your number manually each time.



That's actually not safer. Keyloggers are tricky bitches.


----------



## EvilMakiPR (Apr 10, 2017)

Jao Chu said:


> There is already a thread discussing this here


Yeah I posted it yesterday and hardly got noticed


----------



## Mr. Wizard (Apr 10, 2017)

EvilMakiPR said:


> Yeah I posted it yesterday and hardly got noticed


You should have thrown HAXX0RZ!!!1!11!!1 in the title.  It's all about presentation...  Plus your thread is locked.


----------



## Jayro (Apr 11, 2017)

I'm sure glad I only pay with cash there... Yikes.


----------



## Benja81 (Apr 11, 2017)

Yikes, well good thing I haven't shopped at gamestop since about 2002.

Ok was more like 2012, but it feels like 2002. Got tired of them ripping me off.

Edit: My "yikes" was ninja'd!


----------



## John256145 (Apr 11, 2017)

Glad I don't buy from them!


----------



## DarthDub (Apr 11, 2017)

Thankfully my last purchase from there was via cash.


----------



## slingblade1170 (Apr 11, 2017)

I've bought there using a credit card like 10 times lately. Damn.....


----------



## Joom (Apr 11, 2017)

@chartube12, that's not what happened in the case with Target and Best Buy. They got hit with POS malware (one specifically being BlackPOS, which got leaked on malware forums). It had nothing to do with card information being stored in plain text as information was stolen the moment a customer swiped their card at a POS terminal. That was just bullshit hysteria drummed up by the mainstream. Chipped cards don't help either, as new POS malware and skimmers have arose to circumvent this. Want to know how to keep your money safe? Pay in cash.


----------



## the_randomizer (Apr 11, 2017)

Luckily I use debit cards, not credit cards, too tempted to max them out. They're used in the same way anyways.


----------



## Mr. Wizard (Apr 11, 2017)

Joom said:


> Want to know how to keep your money safe? Pay in cash.


My CC and CDC have "zero liability" and if I lose it I don't lose all my money.  Whereas if I lose my cash, it's gone.  Plus change is quite inconvenient. 

Here you might want one of these to go with your paranoia.


----------



## Joom (Apr 11, 2017)

Mr. Wizard said:


> My CC and CDC have "zero liability" and if I lose it I don't lose all my money.  Whereas if I lose my cash, it's gone.  Plus change is quite inconvenient.
> 
> Here you might want one of these to go with your paranoia.



I see you really have your finger on the pulse of this topic. Cards are insured, sure, but that doesn't prevent some Russian from making off with your money. Also, I'm not paranoid, I'm just well versed on the subject because it's my job. I'm a private contractor for malware firms and corporations that performs auditing for occasions just like this. Also, boohoo "inconvenience". Really puts an ironic spin on your "HA, I THINK I'M SO FUNNY" mentality.


----------



## chartube12 (Apr 11, 2017)

Joom said:


> @chartube12, that's not what happened in the case with Target and Best Buy. They got hit with POS malware (one specifically being BlackPOS, which got leaked on malware forums). It had nothing to do with card information being stored in plain text as information was stolen the moment a customer swiped their card at a POS terminal. That was just bullshit hysteria drummed up by the mainstream. Chipped cards don't help either, as new POS malware and skimmers have arose to circumvent this. Want to know how to keep your money safe? Pay in cash.



My cousin is a target employee. I can tell you 100% certain, cards were stored in plan text files. Regardless of how the attacked happened, they were still not securing costumers data. It would been vary easy through other means to hack in and still those text files.

Chipped cards are still safer then unchipped when using the chip. Since the random card number expires in 24 to 48 hours and they never get to see your real card number. Don't listen to the paranoid telling you, the chips are useless.


----------



## Joom (Apr 11, 2017)

chartube12 said:


> My cousin is a target employee. I can tell you 100% certain, cards were stored in plan text files. Regardless of how the attacked happened, they were still not securing costumers data. It would been vary easy through other means to hack in and still those text files.


They didn't steal text files. They stole the information straight from the POS terminals, and the malware itself stored that information in plain text. It was being sold on the Darkode forum. Here's a write up on the malware itself and how it works. 
http://www.xylibox.com/2013/05/dump-memory-grabber-blackpos.html


----------



## chartube12 (Apr 11, 2017)

Joom said:


> snip


 
Reread what i wrote. I know happened. It doesn't matter. Cause they still could of stolen them easily through other means.


----------



## Joom (Apr 11, 2017)

chartube12 said:


> Reread what i wrote. I know happened. It doesn't matter. Cause they still could of stolen them easily through other means.


Uh, what? No, they couldn't have. There's only one way to do this, because regardless of the store, credit card information isn't stored locally or remotely due to the design of POS systems.


----------



## chartube12 (Apr 11, 2017)

Joom said:


> Uh, what? No, they couldn't have. There's only one way to do this, because regardless of the store, credit card information isn't stored locally or remotely due to the design of POS systems.



That's not true. Or wasn't. target was storing the information to make returns easier in the event instore systems went down


----------



## Mr. Wizard (Apr 11, 2017)

Joom said:


> Cards are insured, sure


So you validate everything I said but then proceed to try to insult me because I called your bullshit?



Joom said:


> I see you really have your finger on the pulse of this topic.


Thank you, more so than you.  I would rather show people there are safeguards instead of spreading false information, paranoia and mass hysteria.  What are you, the media?



Joom said:


> I'm a private contractor for malware firms and corporations that performs auditing for occasions just like this.


Basing your entire argument on authority instead of fact just shows what type of person you are.

One of my cards was skimmed, they made of with a whole $3.10 before it was locked down.  I am also a security contractor if you want to measure dicks, I've been doing it for 15+ years.  I am speaking from experience with facts, not just blowing smoke out my ass like you.



Joom said:


> I'm just well versed on the subject because it's my job.


You aren't very good at your job then.  Basically you are telling people that if they don't want a virus, stay off the internet and do shit the old way, like everyone needs the security of a CA.  Ya, good advice buddy.



Joom said:


> Also, boohoo "inconvenience".


Majority of innovation in this world is based on convenience.  Can't you come up with better insults than that?  Since you can't come up with any valid reasons to support using cash only.  I would have expected better from you, a man of your education.  Then again that was probably just bullshit too.


----------



## Joom (Apr 11, 2017)

chartube12 said:


> That's not true. Or wasn't. target was storing the information to make returns easier in the event instore systems went down


Again, no.
https://krebsonsecurity.com/2015/09/inside-target-corp-days-after-2013-breach/

Target hired a third party HVAC company out of Pennsylvania that was also compromised and this was the entrypoint for the attackers. There's absolutely nothing mentioned about credit card information being stored in plain text. The other problem is that they used weak and default passwords for their backend servers, which allowed the spread of more malware. Seriously, do your research before relying on the information of your cashier cousin.

--------------------- MERGED ---------------------------



Mr. Wizard said:


> -snip-


I don't even care enough to validate you because you're a walking strawman. Your cherry picking kinda proves this. Seriously, that entire argument is set up to be defeated. Lrn2debate.


----------



## Mr. Wizard (Apr 11, 2017)

Ahh GBATemp, maybe we should build a wall and deport all the plebs that are just here to increase their post count.

#makegbatempgreatagain


----------



## Ev1l0rd (Apr 11, 2017)

Mr. Wizard said:


> Ahh GBATemp, maybe we should build a wall and deport all the plebs that are just here to increase their post count.
> 
> #makegbatempgreatagain



Unpopular opinion:
Discussioners in order of terribleness:

The one winning the argument
The one losing the argument
The one complaining about the argument
The one complaining about the complaining about the argument
Yes, I'm aware that makes me the worst in this thread. Deal with it.


----------



## Mr. Wizard (Apr 11, 2017)

Ev1l0rd said:


> Unpopular opinion:
> Discussioners in order of terribleness:
> 
> The one winning the argument
> ...


I'd hate to be "that guy" in the flippity floppity floop but I don't think "discussioners" is even a word...


----------



## Yinxx (Apr 12, 2017)

RemixDeluxe said:


> GameStop is currently investigating reports of data breaching, which includes credit card data and personal customer data after being informed by a security firm. These breaches were caused by hackers that maliciously install software that sends the CVV2 data before its encrypted and processed.
> 
> If you made any purchases on GameStop.com between September 2016 and February 2017 there is a chance your information is compromised. Check your banking statements from September to now and look for any odd charges that may have occurred. For good measure I would cancel and get it replaced if possible too.
> 
> ...


Damn. I'll cancel my order asap.


----------



## RemixDeluxe (Apr 12, 2017)

Yinxx said:


> Damn. I'll cancel my order asap.


That's not how it works. You can't just take it back if you already made an online purchase. Info has already been processed even if you want to get a refund.


----------

