Hackers installed malware in Big Fish Games website, payment card information compromised
Seattle-based casual gaming company Big Fish Games has reported that its website was compromised in Dec to Jan period and the hackers may have stolen Big Fish customers personal and financial information like credit card numbers, CVV numbers.
Big Fish Games was founded in 2002, and has distributed more than 2.5 billion games to customers in as many as 150 countries. As of now it is not known as to how many Big Fish Games customers are affected by this compromise or which countries they belong to.
In a letter sent to the potentially affected customers, Big Fish Games CTO, Ian Hurlock-Jones stated that”An unknown criminal installed malware on the billing and payment pages of our website that appears to have intercepted customer payment information.”
“Your information may have been affected if you entered new payment details on our websites (rather than using a previously saved profile) for purchases between December 24, 2014 and January 8, 2015. Your name, address, and payment card information, including the card number, expiration date, and CVV2 code, may have been among the information accessed.”
The company has notified the North Carolina AG’s office regarding the breach as per the requirements under the US law. The company said that it discovered the breach on 12th Jan, 2015 and started notifying the potential victims of the breach from February 11, 2015.
As per standard industry practice, Big Fish Games will be offering the affected customers free one-year membership to an identity protection service.
Hurlock-Jones has said that the security team from Big Fish Games has removed the malware from the website and taken necessary steps so that the hackers do not reinstall it at a later date. Hurlock-Jones has also requested all their customers to monitor their payment account records for fraudulent transactions.
Resource : North Carolina AG’s Office (PDF).