4-7-2017 Gamestop Data breach including credit cards // Amazon, Gamestop DOOM CE $60

https://krebsonsecurity.com/2017/04/gamestop-com-investigating-possible-breach/
Two sources in the financial industry told KrebsOnSecurity that they have received alerts from a credit card processor stating that Gamestop.com was likely compromised by intruders between mid-September 2016 and the first week of February 2017.

Those same sources said the compromised data is thought to include customer card number, expiration date, name, address and card verification value (CVV2), usually a 3-digit security code printed on the backs of credit cards.
 
I paid full price when it first came out and I do not regret it, it's amazing! If you find it cheaper, hop on that deal!
 
Thanks for the heads up.  I legit want to play this game, but I have a full backlog.  If I see this get to $40 I'll be in.  Otherwise I'll jump on the base game for around $10

 
I'll double dip and get this for my one if and when it hits 40. More than fun enough to replay, and that way I don't buy 2 of the "same" game.
 
Only got games at Gamestop when I'm in the States. I'm not from there, so I only spent cash, like last year and the year before.

I started to buy less from gamestop since BB GCU is way better

 
Our CVVs should be safe at the very least. It would be a breach of PCI DSS if they actually stored those on a database. No such restriction on card numbers or addresses, unfortunately.

 
Our CVVs should be safe at the very least. It would be a breach of PCI DSS if they actually stored those on a database. No such restriction on card numbers or addresses, unfortunately.
Unfortunately the data was being captured before it was encrypted, so CVVs were included.

 
Our CVVs should be safe at the very least. It would be a breach of PCI DSS if they actually stored those on a database. No such restriction on card numbers or addresses, unfortunately.
From what it sounds like, this isn't the case, but it wouldn't be the first (or last) time that someone did what they had to for their annual requirements then ditched all the practices they are supposed to follow.

Screw PCI compliance by the way, biggest bunch of bullshit I've ever had to deal with.

 
Unfortunately the data was being captured before it was encrypted, so CVVs were included.
Encrypted or not, it's a huge no-no to store it in any fashion (including logs). Additionally, if you're talking about before the data hits Gamestop.com, it's HTTPS so everything is encrypted by default. Unless the hackers rewrote part of Gamestop.com or broke SSL/TLS, there's absolutely no way they got that snippet of data.

Unless of course Gamestop wasn't following PCI DSS. If that's the case I expect to see a lot of turnover in their IT department in the coming months.

From what it sounds like, this isn't the case, but it wouldn't be the first (or last) time that someone did what they had to for their annual requirements then ditched all the practices they are supposed to follow.

Screw PCI compliance by the way, biggest bunch of bullshit I've ever had to deal with.
100% agree. That was one of my roles at my former job, and man, it was the most awful, monotonous work I've ever done.

I know we all tend to dislike GS for their shitty business practices, but I didn't think it extended into their corporate IT. We're probably gonna find out in the coming weeks one way or another, though.

 
Came to say I'm safe. Real Cags don't spend cash at GameStop.






Orangejuice out...!

One of the dumbest comments I have seen in a while.
Um, except he's absolutely right. He wasn't implying not shopping at Gamestop if that's what you're thinking. He was implying flipping games and other things to Gamestop to get lots of store credit and then buy stuff with that store credit. I haven't spent a dime for anything at Gamestop besides penny guides in years.

 