GameStop has confirmed a data breach that compromised credit card info between September 2016 and February 2017 according to Brian Krebs. This breach is unique in that hackers were able to secure the 3 digit security code, which means the malware was able to secure the information before it was transmitted.
Chris Olson, Co-Founder and CEO of The Media Trust explains, “Unless security professionals have a true digital risk management program in place to monitor all code executing on their website using multiple user profile combinations, there really is no other way to defend their websites against breaches. This preventative stance is especially valuable for ecommerce website security, where there is a direct impact on revenue, reputation and sensitive customer information. The latest breach of GameStop’s website is yet another unfortunate security incident that is a result of unmonitored first and third-party code executing on a webiste. The GameStop website breach echoes another incident we reported on during the Memorial Day long weekend last year, where sports-oriented ecommerce websites were compromised via extraneous JavaScript code executing on the payment landing pages. Like most websites breaches, everything looks just fine until the actual attack happens, necessitating continuous monitoring of code executing on the website.”
