GameStop Reportedly Leaked Customer Data Including Billing Address, Payment History

The popular video game retailer GameStop seems to have leaked a variety of different customer information such as billing addresses and payment history, at least according to several recent reports about the matter. The problem affected users on the website for a certain period of time on November 26, 2022 as they browsed their online profiles. The customer data of other users would apparently appear with each refresh of the page.

While the news comes from the dozens of confused users on Twitter and Reddit who tried to report the problem to GameStop, the publication VGC was the first outlet to have taken notice of this developing story. Whether or not credit card numbers and other forms of payment information were leaked remains unclear.

“Every time I refresh the website, I can see someone else’s name, phone number, address, order history. It’s like a cycle of four or five people,” the user on Reddit going by the name of Commercial_Ease8053 remarked. “This is very worrisome, I can’t even change my password because of this glitch.”

“God, I tried it and it’s doing it for me too,” another user on the same social media platform known as Piefanart said. “Addresses, birthdays, emails. This is really bad.” Piefanart later added that “you can view the digital currency codes as it sends the verification code to your own email. My friend was able to view a full credit card number by clicking on a card, but the site reloaded quickly after that. He didn't have enough time to see the whole thing.”

The complaints quickly turned up on Twitter. “What the fuck? Every time I refresh my account, I see other people's info and orders and even address, is this real,” the user calling themselves 3rikaYasmin for example asked.

This comes in the wake of news that GameStop has been accused of wiretapping customers, at least according to a recently filed class action lawsuit. GameStop "neither informs visitors nor obtains their prior express consent to these intrusions," the legal deposition points out. The state of California in which the lawsuit was filed explicitly forbids any website from creating transcripts without "obtaining prior, express consent from all parties to the conversation."

Source: Read Full Article