Crooks can use stolen data in fraudulent online transactions

Feb 18, 2015 00:01 GMT

Cybercriminals managed to breach the computer network of BigFish Games and planted malware on the billing and payment pages of the casual games provider’s website.

BigFish Games is currently ranked 1,589 in the United States and 2,817 worldwide, according to information from Alexa. The company was founded in 2002 and has millions of visitors across the globe, with customers in 150 countries.

CVV2 codes are among the details exposed

The breach was discovered by the administrators of the website on January 12, 2015, and following an investigation, it was determined that the intruders gained access to data from purchases between December 24, 2014, and January 8, 2015.

In a letter disclosing the incident, the company says that only new payment details added to the website have been exposed and that clients relying on card data already stored in their profile remain unaffected.

The details cybercriminals may have stolen include names, addresses, card numbers, expiration dates and CVV2 (card verification value) codes. Basically, an attacker holding this information is free to carry out illegal online purchases with no restriction.

The CVV2 code (available on the back of the card) helps prevent fraud in card-not-present transactions, as providing it in online transactions proves that the buyer has the card in their possession. Another purpose of the code is the verification of the card number.

Under PCI DSS (Payment Card Industry Data Security Standard), merchants are recommended not to store CVV codes on their infrastructure, so that a breach does not result in fraudulent transactions.

Company offers complimentary subscription to identity protection service

Ian Hurlock-Jones, CTO at BigFish Games, says that the company has plugged the security hole leveraged by the attacker(s) and removed the malware from the affected system. Furthermore, the incident has been reported to law enforcement.

Credit reporting agencies and payment card networks have also been alerted so that fraudulent activity connected to the affected cards may be blocked.

Hurlock-Jones said that BigFish Games is offering affected customers a free one-year membership to an identity protection service, so that identity theft can be stopped the moment it is detected.

Neither the number of affected individuals nor the method used by the perpetrator(s) to gain access to the sensitive information has been disclosed.