Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Payment Card Data Compromised in Big Fish Games Breach

A piece of malware installed on the systems of Seattle-based casual gaming company Big Fish Games has been used to steal customer payment information.

A piece of malware installed on the systems of Seattle-based casual gaming company Big Fish Games has been used to steal customer payment information.

According to Big Fish Games, the company discovered the breach on January 12. The malware was installed on the billing and payment pages of the company’s website and it appears to have intercepted customer data such as names, addresses, payment card numbers, expiration dates, and CVV2 codes. The attackers have not been identified.Big Fish Games hacked

In a letter sent out to affected individuals, a copy of which was published last week on the website of the California Attorney General, Big Fish Games noted that only customers who had entered new payment information on the company’s website between December 24, 2014 and January 8, 2015 may be affected. Those who used payment information from a previously saved profile don’t appear to be impacted.

Big Fish told SecurityWeek that there is no indication that this issue had any impact on customers who purchased games for iOS and Android devices, or through Facebook.

“We have taken the necessary steps to remove the malware and prevent it from being reinstalled. We have reported the incident to and are cooperating with law enforcement. We have also informed the credit reporting agencies and payment card networks about this incident so that they make take appropriate action regarding your card account,” Ian Hurlock-Jones, the CTO of Big Fish Games, wrote in the letter sent to affected customers.

The gaming company is offering impacted individuals a complimentary one-year membership to Experian’s ProtectMyID Alert service. Users can activate the service by May 31, 2015.

It’s uncertain how many of Big Fish Games’ customers are impacted by the breach, but the company told SecurityWeek that the incident “resulted in the interception and diversion of payment information of a small percentage of our total customers.”

“Upon learning of the potential security incident, we immediately took steps to remove the malware responsible for the issue. We hired a leading data security forensics firm to assist in our investigation of the incident to fully understand the event and to help us better assure data security going forward,” said a Big Fish spokesperson.

Founded in 2002, Big Fish claims to be the world’s largest producer and distributor of casual games. The company says it has distributed more than 2.5 billion games to customers in 150 countries.

Advertisement. Scroll to continue reading.

Several major companies reported suffering payment card data breaches in the past year. The list includes Home Depot (56 million cards compromised), TripAdvisor’s Viator (1.4 million cards compromised), Goodwill, HSBC Turkey, and P.F. Chang’s.

*Updated with statement from Big Fish Games

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Cybercrime

As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.

Cybercrime

Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.

Artificial Intelligence

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Cybercrime

Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.