Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Payment Card Data Compromised in Big Fish Games Breach

A piece of malware installed on the systems of Seattle-based casual gaming company Big Fish Games has been used to steal customer payment information.

A piece of malware installed on the systems of Seattle-based casual gaming company Big Fish Games has been used to steal customer payment information.

According to Big Fish Games, the company discovered the breach on January 12. The malware was installed on the billing and payment pages of the company’s website and it appears to have intercepted customer data such as names, addresses, payment card numbers, expiration dates, and CVV2 codes. The attackers have not been identified.Big Fish Games hacked

In a letter sent out to affected individuals, a copy of which was published last week on the website of the California Attorney General, Big Fish Games noted that only customers who had entered new payment information on the company’s website between December 24, 2014 and January 8, 2015 may be affected. Those who used payment information from a previously saved profile don’t appear to be impacted.

Big Fish told SecurityWeek that there is no indication that this issue had any impact on customers who purchased games for iOS and Android devices, or through Facebook.

“We have taken the necessary steps to remove the malware and prevent it from being reinstalled. We have reported the incident to and are cooperating with law enforcement. We have also informed the credit reporting agencies and payment card networks about this incident so that they make take appropriate action regarding your card account,” Ian Hurlock-Jones, the CTO of Big Fish Games, wrote in the letter sent to affected customers.

The gaming company is offering impacted individuals a complimentary one-year membership to Experian’s ProtectMyID Alert service. Users can activate the service by May 31, 2015.

It’s uncertain how many of Big Fish Games’ customers are impacted by the breach, but the company told SecurityWeek that the incident “resulted in the interception and diversion of payment information of a small percentage of our total customers.”

“Upon learning of the potential security incident, we immediately took steps to remove the malware responsible for the issue. We hired a leading data security forensics firm to assist in our investigation of the incident to fully understand the event and to help us better assure data security going forward,” said a Big Fish spokesperson.

Founded in 2002, Big Fish claims to be the world’s largest producer and distributor of casual games. The company says it has distributed more than 2.5 billion games to customers in 150 countries.

Advertisement. Scroll to continue reading.

Several major companies reported suffering payment card data breaches in the past year. The list includes Home Depot (56 million cards compromised), TripAdvisor’s Viator (1.4 million cards compromised), Goodwill, HSBC Turkey, and P.F. Chang’s.

*Updated with statement from Big Fish Games

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this event as we dive into threat hunting tools and frameworks, and explore value of threat intelligence data in the defender’s security stack.

Register

Learn how integrating BAS and Automated Penetration Testing empowers security teams to quickly identify and validate threats, enabling prompt response and remediation.

Register

People on the Move

Shane Barney has been appointed CISO of password management and PAM solutions provider Keeper Security.

Edge Delta has appointed Joan Pepin as its Chief Information Security Officer.

Vats Srivatsan has been appointed interim CEO of WatchGuard after Prakash Panjwani stepped down.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.