I got an e-mail saying someone from a strange location had accessed my account. After mentioning it on NeoGAF there are already about 20 others have said the same thing. You only get that e-mail AFTER they successfully log in with the correct password too so it seems like a ton, if not all, passwords and accounts have been leaked. No official word yet but too many people to be a coincidence.
HumbleBundle has been hacked. Change your password.
Seems a bit suspect, but I'm not sure if the sample size is large enough to verify a large scale compromise of their data.
That being said, you should activate two-factor authentication on Humble Bundle if you've not already done so. It should help keep your account secure even if your password is compromised.
I'd be willing to bet that a lot of those are due to reused passwords that were picked up in other hacks (that's been the go-to for these things lately). That said, things like this are why I have a password manager. Password gets found, and the account's sporting a new one with a couple of clicks.
I got the same email a couple of days ago. I made my Humble account so long ago and I used a weak frequently used password of old. This was a good reminder that I've needed a stronger unique password for years now.
Well, whether it's a full blown hack or some remnants of old passwords being stolen, might as well stay on the safe side I suppose. Kudos for the heads up. My passwords consist of me slamming my keyboard against a wall and using the chaos as my new password, so I never memorize them so I never feel bad about changing them.
Easy enough to do anyway, so might as well. Also added two-factor, didn't realize that was an option, thanks for that @chaser324.
Don't keep my card on it but still, thanks for the heads up OP.
I got that email the other day. Changed my password. I should probably do that two-factor authentication thing.
I tried to access my account and my password wouldn't work, but I doubt my account was hacked. Most likely the password got mixed up at some point (I used lastpass for awhile and recently migrated to KeePass. I vaguely remember lastpass trying to autochange passwords and failing on some accounts. Humble bundle could have been one of them).
I never got an email about a weird place trying to access my account until today... Which only happened because I moved 2 years ago and it's been awhile since I accessed my account. Either way I changed it and unlinked my steam account for good measure. I will continue to not use humble bundle.
Please Log In to post.
Log in to comment