GameStop Website Allegedly Leaking Customers’ Billing Credentials

GameStop, a US-based gaming retailer, was a go-to place for any gamer looking to buy the latest games for more than two decades. It started as a small gaming store in Dallas and from there it saw a very long period of growth and expansion.

Rising controversies along with the rise of digital games in the late 2010s kick-started GameStop’s eventual decline. Now, even during such tough times, it appears it has been marred by yet another controversy.

MAJOR TAKEAWAYS 

• GameStop appears to have suffered yet another data breach, leaking the personal info of customers on its website to other users.
• The leaked info included the order history, home address, and payment info of orders with a few alleged leaks of credit card info.
• The cause of the leak seems to be a bug in website’s security system.
• Adding fuel to the controversy, on the company’s subreddit, moderated by employees, the posts mentioning the breach are being removed 
• The company is yet to comment on this.

This time personal information of GameStop customers was allegedly compromised on the website. It was first reported on Twitter and then a short while on the GameStop subreddit. The Reddit post was removed by mods later on.

According to the users, whenever they refreshed their account they could apparently see other people’s personal information, order history, home address, and payment info.

@GameStop WTF Every time I refresh my account I see other people info and orders even address is this real ??.. pic.twitter.com/5mBitmJoWp

— Erikã Yàsmïn ΔOX​❑ (@3rikaYasmin) November 26, 2022

The alleged cause of the issue seems to be a critical bug in the security system of the GameStop website. And that did not seem like an isolated occurrence, as more people have also corroborated this info. Many of them were quick to change their account passwords.

Some of them removed their credit card info as well, fearing their credit cards could be compromised. And those worries were not unfounded, as one user claimed that their friend saw the full card number of another person.

Though not corroborated by any evidence, one person on the subreddit claimed to have lost $1000. They claimed that they had shredded the credit card a long time ago. So, it could only have been possible if their credit card had been leaked from GameStop, as they still had not removed it from there.

Adding fire to the controversy, the mods on the subreddit are deleting the posts with any mention of the breach. We have to keep in mind that the subreddit is run by the employees of the company. So it seems like an obvious attempt to censor the info regarding the breach.

But a few are skeptical about it. They are calling it a smear campaign against GameStop. They think it is a malicious attempt at tanking the company’s stocks. Though the evidence and an overwhelming number of claims seem to say otherwise.

But they are not wrong about the potential fall of GameStop’s stocks. And that’s not all, this could also result in the company facing serious lawsuits. Potentially adding to its financial burdens.

This is not the first time GameStop has suffered a critical data leak. Five years ago in September 2017, the company suffered a major leak of credit card info of customers. What’s astonishing is that the info was exposed “over the time-frame of over six months.”

This leak might not be of the same scale, but it is quite imperative that it certainly won’t help GameStop gain the confidence of investors and customers.

GameStop is yet to comment on this.

How will GameStop deal with this controversy? And what impact can it have on its future? Discuss in the comments section below.