Those who make a habit of shopping through GameStop's online storefront may want to keep a close eye on their credit card activity, as the specialty retailer is investigating whether hackers stole customers' credit card information over a period of months.
KrebsOnSecurity today reported the news, saying two sources had informed it that a credit card processor had determined GameStop.com security was likely compromised between September 2016 and February 2017.
"GameStop recently received notification from a third party that it believed payment card data from cards used on the GameStop.com website was being offered for sale on a website," a GameStop spokesperson told the site. "That day a leading security firm was engaged to investigate these claims. GameStop has and will continue to work non-stop to address this report and take appropriate measures to eradicate any issue that may be identified."
The site's sources believed the stolen information included names, addresses, and all key credit card information, including the CVV2 numbers printed on the backs of users' cards. Those numbers aren't supposed to be saved by online merchants, KrebsOnSecurity noted, but could be stolen by hackers who managed to insert their software into a company's site.