If you’re a casual gamer and sometimes visit a BigFish Games to satiate your casual desire for entertainment, then you may want to pay attention.
BigFish Games has announced that credit card information was intercepted by malware in a man-in-the-middle attack.
In a statement that was released on the 18th of February, they revealed that someone apparently had compromised one of their billing and payment pages and was able to actually intercept the input via a man-in-the-middle-attack.
"An unknown criminal installed malware on the billing and payment pages of our website that appears to have intercepted customer payment information,"
This means that unencrypted information was stolen while it was in transit, and thus all of that credit and debit card information is now compromised, to include the CVV2 number.
Unfortunately there are sometimes very lax laws in regards to when and how a company is to report a breach of this type. This attack was discovered on January 12th, 2015, though the public wasn’t warned about any potential consequences until the 18th of February. This to me seems to be very irresponsible. If the attack was discovered and the methods known on the 12th, as well as the potential customers affected, which can be collected via their database, then they should warn customers before any unwanted charges appear on their cards. Not wait a month just to be sure. I feel it’s better safe than sorry in these situations.
"Your information may have been affected if you entered new payment details on our websites (rather than using a previously saved profile) for purchases between December 24, 2014 and January 8, 2015. Your name, address, and payment card information, including the card number, expiration date, and CVV2 code, may have been among the information accessed."
The CTO, Ian Hurlock-Jones, also did mention that the situation is now under control with all malware taken care of.
Thankfully, however, any affected customers can have access to one year of an identity protection service so as to help monitor and protect any illicit activity. That is one thing that isn’t required by law, and is a very nice gesture on their part, though it is indeed a gesture to further stop any future legal action against them.
So if you happen to play any games or have spent any money at BigFish Games, make sure to take a look at your credit and debit card statements every once in awhile to see if anything doesn’t belong. And don’t hesitate to use the free service that they offer either. Free is a great price for identity protection, no matter how horrible the service may be.