According to reports, the retailer GameStop disclosed customer data including billing addresses and payment information.
On Saturday, clients were allegedly seeing other users’ details when refreshing their order pages, according to numerous people on social media.
Although one user posted a picture of a partial credit card number, it’s unclear if this also includes entire digits.
One Reddit user observed that “it’s like a cycle of four or five people,” adding that “every time I refresh the website, I can see someone else’s name, phone number, address, order history.” This is really concerning because the issue prevents even changing the password.
Another user said, “Oh God, I tried it and it’s doing it for me too.” Addresses, birthdays, emails, etc…. This is awful.
— Erikã Yàsmïn ΔOX❑ (@3rikaYasmin) November 26, 2022
You can view the digital currency codes as the verification code is sent to your email, they continued. By clicking on a card, my friend could see the complete credit card number, but the page quickly refreshed after that.
On Saturday, one Twitter user claimed they could switch between different account just by refreshing their screen.
The GameStop website was acting strangely and constantly switching between a few dozen different profiles for me. The products in the cart, the Pro Rewards points, and the name at the top of the screen all constantly changing. I though I was seriously being hacked, but the GS app appears to be stable.
GameStop has been contacted by VGC for comment; we’ll update this post if we hear back.