Browse
Category
DiscussionsGeneral

Humble Bundle accounts got exploit last week

Open
Rellikpt

got this email 1 hour ago
https://imgur.com/Hmkyd7Z

Hello,

Last week, we discovered someone using a bug in our code to access limited non-personal information about Humble Bundle accounts. The bug did not expose email addresses, but the person exploited it by testing a list of email addresses to see if they matched a Humble Bundle account. Your email address was one of the matches.

Sensitive information such as your name, billing address, password, and payment information was NOT exposed. The only information they could have accessed is your Humble Monthly subscription status. More specifically, they might know if your subscription is active, inactive, or paused; when your plan expires; and if you've received any referral bonuses.

Even though the information revealed is very limited, we take customer trust very seriously and wanted to promptly disclose this to you. We want to make sure you are able to protect yourself should someone use the information gathered to pose as Humble Bundle.

As a reminder, here are some tips to keep your account private and safe:

Don't share your password, personal details, or payment information with anyone. We will NEVER ask for information like that.
Be careful of emails with links to unfamiliar sites. If you receive a suspicious email related to Humble Bundle, please contact us via our support website so that we can investigate further and warn others.
Enable 2-Step Verification (2SV) so that even if someone gets your password, they won't be able to access your account. You can enable 2SV by following these instructions.

We sincerely apologize for this mistake. We will work even harder to ensure your privacy and safety in the future.

Jeffrey Rosen, CEO, Humble Bundle

5 years ago*

Comment has been collapsed.

24 Comments
spigias

bump

5 years ago
Permalink

Comment has been collapsed.

Deleted

This comment was deleted 5 years ago.

5 years ago
Permalink

Comment has been collapsed.
Vecchia

Yes, me too, thanks.

5 years ago
Permalink

Comment has been collapsed.
CedericH

Or in other words, unless you are specifically emailed about it nothing to worry about.

But change your password anyways if you haven't done that for a few months, and make sure you're not using the old password anywhere else.

5 years ago
Permalink

Comment has been collapsed.
shauntmw

It's good that they took the time to inform the affected users about this. For this, I salute them.
It's rare to see companies take the initiative to admit mistake and to notify their users, even when they can just keep quiet about it.

5 years ago
Permalink

Comment has been collapsed.
MrVivian

It's the law in Europe thanks to the GDPR

5 years ago
Permalink

Comment has been collapsed.
shauntmw

I see. Glad to know this exists. Thanks~

5 years ago
Permalink

Comment has been collapsed.
pavepode

Hackers know I'm an active subscriber! NOOOOO!

5 years ago
Permalink

Comment has been collapsed.
Rellikpt

they also know i pause a lot, lol

5 years ago
Permalink

Comment has been collapsed.
AManOfLetters

Received it yesterday, changed password, enabled 2FA, activated some keys just in case.

5 years ago
Permalink

Comment has been collapsed.
Hassat

+1 got the same mail here.
I don't think someone knowing I'm sub is good blackmail material just yet xD

5 years ago
Permalink

Comment has been collapsed.
Cruse

Now, Hand over that Kingdom Come offer, that Pathfinder, a year sub of $99, This month's monthly of MGS and Cities Skylines. OR, or, or else! Would you like to have $20 store credit, how about $5 store credit for referral while it was $8 previously! A discount of $3, how wonderful we are! Hand over your monies NOW! This is a holdup! Brought to you by In Good Name~

5 years ago
Permalink

Comment has been collapsed.
Hassat

The saddest thing being yearlies get none of those offers :(

5 years ago
Permalink

Comment has been collapsed.
Andreakoss

In China that would be used against you.

"But examples of infractions include bad driving, smoking in non-smoking zones, buying too many video games and posting fake news online."

5 years ago
Permalink

Comment has been collapsed.
Hassat

Seems funny to criminalise "too many vidyagames" in ASIA of all places.

5 years ago
Permalink

Comment has been collapsed.
TatsuyaHiro

ha, me on my end I mostly only get emails about how supposedly someone tried to acces my epic account....that i barely use and havent spent any money on it XD

5 years ago
Permalink

Comment has been collapsed.
iubjaved

Now hackers know humble bundle are aware of the situation, dammit.

5 years ago
Permalink

Comment has been collapsed.
HocusPocus

I got this email too. I enjoyed the "As a reminder, here are some tips to keep your account private and safe" and am thinking of sending it back to them as they where breach not I.

5 years ago
Permalink

Comment has been collapsed.
kbronct

It would be funny :-)

5 years ago
Permalink

Comment has been collapsed.
icaio

please do it

5 years ago
Permalink

Comment has been collapsed.
Atisz

Makes perfect sense if you think about it: active subscriber -> plenty of game codes -> worth hacking.

5 years ago
Permalink

Comment has been collapsed.
Sooth

game codes -> worth hacking

Why, I hear that promptly putting any unused keys up as giveaways on SG is a suitable security measure for such situations.
..alright, everyone, let's get those unused Minion Masters keys up asap! Quickly, before they're all gone!

5 years ago
Permalink

Comment has been collapsed.
Kegfarms

Nothing for me I guess.

5 years ago
Permalink

Comment has been collapsed.
Rellikpt

thats good means you are safe maybe

5 years ago
Permalink

Comment has been collapsed.

Sign in through Steam to add a comment.