Notice: To display this embed please allow the use of Functional Cookies in Cookie Preferences.
Retailer GameStop has reportedly leaked customer information, including billing addresses and payment history.
It’s not clear if this includes full credit card numbers, but one user shared an image showing a partial number.
Update – GameStop responds
GameStop’s Customer Care team has responded, claiming that the addresses and names appearing in customers’ accounts were part of a test and “not actual customer data.
“This was immediately fixed the same day it took place,” it told VGC. “This was test data created by our teams, not actual customer data.”
However, an online search suggests that some of the names and addresses that were shown to customers on its website could match real people. VGC has asked if real address data was used.
“Every time I refresh the website, I can see someone else’s name, phone number, address, order history… it’s like a cycle of 4 or 5 people,” wrote one Reddit user. “This is very worrisome, can’t even change password because of this glitch.”
“Oh God, I tried it and it’s doing it for me too,” added another user. “Addresses, birthdays, emails, etc… this is really bad”.
They added: “You can view the digital currency codes as it sends the verification code to your own email. My friend was able to view a full credit card number by clicking on a card, but the site reloaded quickly after that.”
One Twitter user claimed they were able to cycle through multiple account profiles by refreshing their page on Saturday.
“GameStop website was tripping out and kept hopping me between a couple dozen different profiles. The name at the top of the screen kept changing, the items in the cart, and the Pro Rewards points. Thought I was being hella hacked but the GS app seems to be stable”.
VGC has requested comment from GameStop and will update this article when we receive a response.