Posted February 17, 2016
I didn't have a chance to investigate this further, but I wanted to let everyone know who has keys on Bundle Stars. I got the following email today:
We have noticed attempts to access Bundle Stars customer accounts by entering, what we believe to be, stolen email address and password combinations, so we have taken the precaution of resetting all user passwords across the website. Customers' financial information, such as PayPal, credit or debit card details is not stored on the Bundle Stars website, so has NOT been compromised and is not at risk.
We have reason to believe that a number of customer accounts may have been accessed without the permission of the account holder. We think it is likely that an individual or individuals obtained, from the public domain, a list of compromised accounts which have been stolen from other websites.
If your account has been affected, then your email address, password, order history and purchased Steam keys may have been accessed.
Next time you sign in, you will be required to change your password. You will then be able to access your account and order history as normal.
WHEN ENTERING YOUR NEW PASSWORD WE STRONGLY RECOMMEND THAT, TO PROTECT YOUR ACCOUNT, YOU USE A UNIQUE AND PREVIOUSLY UNUSED PASSWORD.
We would also encourage you to update your password across any other websites where you have used the same or similar passwords, and do this as soon as you possibly can.
If your previous email and password combination was unique to Bundle Stars, then your account will not have been affected.
We apologise for the inconvenience and concern that this may have caused you as a member of the Bundle Stars community. We have acted quickly to investigate and take security precautions to protect our customers by removing all passwords so that every customer must choose a new password. We also invalidated the session so that all customers were logged out, and implemented reCAPTCHA.
It is important to stress that our investigation indicates that this breach has not been caused by any compromise of our internal security systems but has been caused by an attack by an individual or individuals that have obtained user and password details from compromised accounts stolen from other websites. Robust security systems and processes are critical to our service and we continuously invest in our information security system to meet evolving threats.
If you have any concerns about your account, please click here to view our FAQ page, or alternatively please contact our support team: support@bundlestars.com
Thank you for your understanding on this matter, and we apologise unreservedly for any inconvenience.
We have noticed attempts to access Bundle Stars customer accounts by entering, what we believe to be, stolen email address and password combinations, so we have taken the precaution of resetting all user passwords across the website. Customers' financial information, such as PayPal, credit or debit card details is not stored on the Bundle Stars website, so has NOT been compromised and is not at risk.
We have reason to believe that a number of customer accounts may have been accessed without the permission of the account holder. We think it is likely that an individual or individuals obtained, from the public domain, a list of compromised accounts which have been stolen from other websites.
If your account has been affected, then your email address, password, order history and purchased Steam keys may have been accessed.
Next time you sign in, you will be required to change your password. You will then be able to access your account and order history as normal.
WHEN ENTERING YOUR NEW PASSWORD WE STRONGLY RECOMMEND THAT, TO PROTECT YOUR ACCOUNT, YOU USE A UNIQUE AND PREVIOUSLY UNUSED PASSWORD.
We would also encourage you to update your password across any other websites where you have used the same or similar passwords, and do this as soon as you possibly can.
If your previous email and password combination was unique to Bundle Stars, then your account will not have been affected.
We apologise for the inconvenience and concern that this may have caused you as a member of the Bundle Stars community. We have acted quickly to investigate and take security precautions to protect our customers by removing all passwords so that every customer must choose a new password. We also invalidated the session so that all customers were logged out, and implemented reCAPTCHA.
It is important to stress that our investigation indicates that this breach has not been caused by any compromise of our internal security systems but has been caused by an attack by an individual or individuals that have obtained user and password details from compromised accounts stolen from other websites. Robust security systems and processes are critical to our service and we continuously invest in our information security system to meet evolving threats.
If you have any concerns about your account, please click here to view our FAQ page, or alternatively please contact our support team: support@bundlestars.com
Thank you for your understanding on this matter, and we apologise unreservedly for any inconvenience.