HumbleBundle has been hacked. Change your password.

Avatar image for metal_mills
metal_mills

3594

Forum Posts

4049

Wiki Points

0

Followers

Reviews: 10

User Lists: 3

#1  Edited By metal_mills

I got an e-mail saying someone from a strange location had accessed my account. After mentioning it on NeoGAF there are already about 20 others have said the same thing. You only get that e-mail AFTER they successfully log in with the correct password too so it seems like a ton, if not all, passwords and accounts have been leaked. No official word yet but too many people to be a coincidence.

Avatar image for jeevespleez
JeevesPleez

375

Forum Posts

930

Wiki Points

0

Followers

Reviews: 1

User Lists: 2

Done, thanks for the heads up.

Avatar image for jsgr93
jsgr93

97

Forum Posts

0

Wiki Points

0

Followers

Reviews: 0

User Lists: 0

Appreciate it. Will do

Avatar image for chaser324
chaser324

9247

Forum Posts

14897

Wiki Points

0

Followers

Reviews: 1

User Lists: 14

#4 chaser324  Moderator

Seems a bit suspect, but I'm not sure if the sample size is large enough to verify a large scale compromise of their data.

That being said, you should activate two-factor authentication on Humble Bundle if you've not already done so. It should help keep your account secure even if your password is compromised.

Avatar image for ezekiel
Ezekiel

2257

Forum Posts

0

Wiki Points

0

Followers

Reviews: 0

User Lists: 0

I don't keep my CC on there or anywhere but Amazon for this reason. I have some unredeemed keys, but I wouldn't miss them.

Avatar image for madman356647
madman356647

827

Forum Posts

0

Wiki Points

0

Followers

Reviews: 0

User Lists: 0

I'd be willing to bet that a lot of those are due to reused passwords that were picked up in other hacks (that's been the go-to for these things lately). That said, things like this are why I have a password manager. Password gets found, and the account's sporting a new one with a couple of clicks.

Avatar image for bigdaveischeap
BigDaveisCheap

79

Forum Posts

0

Wiki Points

0

Followers

Reviews: 0

User Lists: 0

I got the same email a couple of days ago. I made my Humble account so long ago and I used a weak frequently used password of old. This was a good reminder that I've needed a stronger unique password for years now.

Avatar image for zolroyce
ZolRoyce

1589

Forum Posts

0

Wiki Points

0

Followers

Reviews: 0

User Lists: 0

Well, whether it's a full blown hack or some remnants of old passwords being stolen, might as well stay on the safe side I suppose. Kudos for the heads up. My passwords consist of me slamming my keyboard against a wall and using the chaos as my new password, so I never memorize them so I never feel bad about changing them.

Avatar image for yummytreesap
YummyTreeSap

1265

Forum Posts

304

Wiki Points

0

Followers

Reviews: 0

User Lists: 1

Never got that email, but I changed my password anyway. Thanks!

Avatar image for doerr007
doerr007

122

Forum Posts

0

Wiki Points

0

Followers

Reviews: 0

User Lists: 0

Thanks, just changed it and added two factor authentication to the account.

Avatar image for capum15
Capum15

6019

Forum Posts

411

Wiki Points

0

Followers

Reviews: 0

User Lists: 0

Easy enough to do anyway, so might as well. Also added two-factor, didn't realize that was an option, thanks for that @chaser324.

Don't keep my card on it but still, thanks for the heads up OP.

Avatar image for macka1080
Macka1080

256

Forum Posts

0

Wiki Points

0

Followers

Reviews: 0

User Lists: 1

Thanks for the heads up, duder!

Avatar image for finaldasa
FinalDasa

3784

Forum Posts

9918

Wiki Points

0

Followers

Reviews: 9

User Lists: 15

#13 FinalDasa  Moderator

No email so I assume this was specific accounts only?

I enabled 2 factor authentication so I should be fine. Never hurts to update passwords.

Avatar image for monkeyman04
Monkeyman04

2878

Forum Posts

10

Wiki Points

0

Followers

Reviews: 0

User Lists: 5

#14 Monkeyman04  Online

I got that email the other day. Changed my password. I should probably do that two-factor authentication thing.

Avatar image for rongalaxy
RonGalaxy

4937

Forum Posts

48

Wiki Points

0

Followers

Reviews: 1

User Lists: 1

I tried to access my account and my password wouldn't work, but I doubt my account was hacked. Most likely the password got mixed up at some point (I used lastpass for awhile and recently migrated to KeePass. I vaguely remember lastpass trying to autochange passwords and failing on some accounts. Humble bundle could have been one of them).

I never got an email about a weird place trying to access my account until today... Which only happened because I moved 2 years ago and it's been awhile since I accessed my account. Either way I changed it and unlinked my steam account for good measure. I will continue to not use humble bundle.

Avatar image for defe
defe

328

Forum Posts

2828

Wiki Points

0

Followers

Reviews: 0

User Lists: 1

Thanks for looking out for us. Got myself a new password.