Humble Bundle typically sends out monthly emails informing users of discounted games and low-price bundle packs with a wide range of games. In late November, though, the Humble Bundle team sent out an alert of a different kind: a data breach had occurred. The company revealed that a bug in its code allowed someone to test a list of email addresses and see whether each one had a Humble Bundle subscription, whether it was active, when the plan expired, and whether the account had a referral bonus.
While the Humble Bundle servers did not relinquish any personal or payment information, it's certainly not good that a hacker (or group of hackers) could compare emails to see if anyone was a Humble Bundle subscriber. Now that the hackers have this information, they know where to target mail blasts pretending to be from Humble Bundle. These blasts can imply things like Humble Bundle needing new subscription information, and can misdirect the user away from the authentic website. The official Malwarebytes blog suggests that Humble Bundle users be acutely aware of suspicious emails, especially any demanding updated contact or payment information.
That means the breach likely isn't as significant as the massive Bethesda blunder from last week, which involved much more personal information being revealed. While more sensitive information was leaked in the Bethesda error, that incident appears to be the result of a system error rather than a targeted attack. In any event, Humble Bundle officially recommends that users enable two-step verification on their accounts, avoid sharing password information, and - as Malwarebytes suggested - watch out for phishing attempts.
Gamers still interested in the December 2018 Humble Bundle will get a curious mix of games like the Mega Man Legacy Collection, Metal Gear Solid 5: The Definitive Experience, the Zombie Army trilogy, Cities: Skylines, and more. Those who subscribe to the $12 monthly bundle will also get copies of Just Cause 3: XXL Edition, Project Cars 2, and Wizard of Legend, with portions of the proceeds going towards the Direct Relief charity. With so much value going into these low-priced bundles, it's no surprise that customers often flock to the retail website - but unfortunately, that evidently makes it a target for users with nefarious intentions, too.
Source: Malwarebytes