- Humble Bundle suffered a data breach recently that is said to have affected a limited number of users.
- Non-personal data was stolen by hackers, and data like email addresses and payment card details were not exposed.
- Emails have been sent out to affected users to notify them about the incident.
Humble Bundle suffered a data breach that affected a “very limited” number of users recently as reported by Malwarebytes. The company sent out emails to all affected users, and if you own a Humble account, you should check your inbox immediately to see if you have been affected. The attack on the website was most likely to steal customer data.
Humble Bundle is a platform primarily for gamers and also for book and music enthusiasts. The website offers “bundles” of content for a heavily discounted fee and most of the proceeds go towards charity. Users also have the option of purchasing digital products from the Humble Store if they do not want to buy one of the bundles.
Last week, the company discovered a bug that allowed hackers access to non-personal information. While the bug did not directly expose email addresses, anyone who was aware of the bug could test email addresses and check if they made a Humble Bundle account. If your email received a match in the process should have an email in your inbox from the company.
Unlike many other data breaches that involve sensitive data being stolen, this one was quite different. Names, passwords, billing data or payment information was not stolen by attackers. The only information attackers were able to access, is the Humble Monthly subscription status of users. The Humble Monthly subscription plan offers a random set of games for a fixed fee every month which contains a mix of indie and triple-A titles.
Humble Bundle has advised users to “Be careful of emails with links to unfamiliar sites. If you receive a suspicious email related to Humble Bundle, please contact us via our support website so that we can investigate further and warn others” and to “Enable Two-factor authentication (2FA) so that even if someone gets your password, they won’t be able to access your account.”