Humble Bundle suffered a mild data breach
Seriously, is anything secure online?
Towards the end of November, Humble Bundle, an online merchant for games and other digital items, realized they had suffered a data breach. Now before you panic, the breach was very limited in scope and only affects Humble Monthly subscribers, current and prior.
A software bug let hackers extract information about its Humble Monthly subscribers, including if the subscription was active, inactive or paused when the plan expires, and if any referral bonuses were accrued.
Humble says that no personally-identifiable information was leaked as a result of the bug, so things like real names, billing addresses, passwords or payment details didn’t get picked up by the breach. That’s good to know, although as with all breaches – changing your password is probably the safest option here.
Be on the lookout
The official Malwarebytes blog warns Humble Bundle users to be on the lookout for phishing emails that pretend to be from the service. It’s conceivable that attackers can now target their email campaigns to those who match the Humble Monthly subscription data. They could hide dangerous links benign-looking emails warning of your subscription running out, or send offers of cheaper service if you resubscribe.
These fraudulent emails would then send you to a website the attackers set up, to steal actual login details or credit card numbers from users.
How to protect your Humble Bundle account
As a reminder, never give personal information over email. Most reputable retailers have some secure way of communication on their site and users should only use official channels with any personal information.
One of the best defenses against hacking is setting up two-factor authentication (2FA) on your account. If you’re a Humble Bundle user, you can find out how to enable 2FA on your account here.
- 500 million Marriott hotel guests have had their data exposed in a massive data breach
- Firefox Monitor will now tell you if the website you’re on has suffered a data breach
- Google kept a massive data breach under wraps and now it’s all coming to light