CEX suffers security breach that may affect up to two million customers

Second-hand retailer CeX hit by leak of 2m customer credentials

Cex crime

Second hand technology retailer CEX has revealed that over two million customers' accounts have been illegally hacked from its database.

Mullins continued, stating that, 'Our cyber security specialists have already put in place additional advanced measures to fix the problem and prevent this from happening again, ' which is expected.

The company says that it's working with the police and other "relevant authorities" to identify how the hackers bypassed its security systems.

For "a small number of customers", it also says the breach may extend to encrypted data from expired credit or debit cards up to 2009.

Only online customers are affected, not those who signed up for a membership card in store. They're emailing all affected customers with guidance on how to proceed but recommend in the interim that anyone holding an online account with them changes their password; as an additional security measure, if you use the same password across multiple accounts we'd recommend changing your password across all affected accounts as well.

Customer data for the retailer's online shop, such as account usernames and passwords, are not believed to have been compromised in the attack, reports ZDnet.

The company, which buys and sells games and electronics through a combination of its webuy.com website and a chain of bricks and mortar stores, has warned customers that they should change their password for the site as soon as possible.

Approximately 2 million people were affected by this data breach.

CeX has 575 stores worldwide, including 363 in the United Kingdom, and sells pre-owned video games and consoles, smartphones, computers, tablets, movies, and other electronic products. "We also wanted to reassure you that we are investigating this as a priority and are taking a number of measures to prevent this from happening again".

'It's surprising that Cex still stored customer card details prior to 2009, ' Javvad Malik, from security firm AlienVault, told BBC News.

Latest News