GameStop Claims Data Leak Was Just a Test and 'Not Actual Customer Data'

From PC Mag: GameStop's website has been showing visitors the personal information of other customers, but GameStop claims it was just a test.

As VGC reports(Opens in a new window), on Saturday some customers using GameStop's website were able to see the personal information of other customers simply by refreshing their order page. Multiple page refreshes kept changing the customer data that was visible. The data included names, addresses, phone numbers, order history, and at least partial payment card details.

GameStop's customer care team responded to the apparent security breach stating, "the addresses and names appearing in customers’ accounts were part of a test and “not actual customer data." The problem was also fixed on the same day, but the claim of it being a test has been met with suspicion.

Andy Robinson, owner and editor at VGC, has been shown(Opens in a new window) "dozens of images of emails, addresses and phone numbers that clearly belong to real people. Credit card numbers are partially redacted." Some GameStop customers have apparently received phone calls after the customer data was shared with others.

View: Full Article