Skip to content

GameStop: 54 Million Customer Records Offered on Illegal Marketplaces

The bottom line: A data breach at GameStop with 54 million potentially affected customer records exposes names, addresses, phone numbers, and purchase histories for targeted phishing and social engineering attacks.

Cybercriminals claim to have stolen a database of US video game retailer GameStop containing over 54 million customer records. Security researchers from Cybernews have obtained sample data containing current customer information through 2026.

Data from an alleged GameStop compromise is being offered on illegal cybercrime marketplaces. The alleged attackers claim to possess a customer database with more than 54 million entries. The security media outlet Cybernews analyzed 86 publicly provided sample records and identified authenticity indicators. Official confirmation from GameStop is pending; the company was contacted for comment.

The examined samples contain complete customer data: user IDs, full names, dates of birth, email addresses, phone numbers, home addresses with postal codes, account status, and account creation and last purchase dates. Particularly relevant for assessing authenticity is the presence of transaction dates from 2026, suggesting more recent data. Cybernews warns, however, that with only 86 sample entries, it is not possible to verify whether the full 54 million records actually exist.

End users face significant risks from the combination of identifiers and purchase history. Attackers can use this information to orchestrate credible phishing campaigns, fake support calls, or manipulated delivery notifications in the name of GameStop. Known purchase history and contact information enable profiling and personalized social engineering attacks that are difficult for consumers to see through.

Security experts, however, put this in perspective: data offered on cybercrime marketplaces is not automatically proof of a current hack. Criminals often exaggerate the scope, recycle historical leaks, or aggregate data from multiple earlier data breaches to increase the selling price.


Source: www.it-daily.net · Published 1 July 2026
Lumi AI News — AI-assisted curation in accordance with Art. 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.7.2.

Share on: