First time ever I hear something like that about Humble Bundle
Comment has been collapsed.
there was a security breach like few months ago. it hit quite a few ppl, including from who I know about me and two other top contributors from SG. They never specified tere was a breach, but they were giving new keys without asking any questions, I got myself over 20 keys restored back then.
Comment has been collapsed.
I keep buying bundles and have not check my account for a year or so. Guess I should.
Comment has been collapsed.
That's awful! I always believed these sites were pretty safe (well nothing can be perfect), but you can never know what may happen
From my experience Humble's support is pretty decent and responses pretty fast, so he can give them a hint of what happened and they may help him
Comment has been collapsed.
- were your HB-Bundles claimed with a profile? If yes, better change the PW of your mail first ...
- did you share them with someone you trust and that someone shared them with someone he trusted (happens)
- did you save your logins/links in the cloud somewhere (personally i have my HB Keys in my private Skydrive)
Comment has been collapsed.
- Yup. My email password was different though, and I also have phone verification there.
- Nope.
- Nope.
However, my old HB password wasn't unique, perhaps that had something to do with it.
Comment has been collapsed.
It happened to me couple of months ago, I changed my password but about 80 of my keys were gone. Also happened for my Groupees and Bundlestars accounts too. It's the most frustrating thing ever happened to me, change your passwords often guys.
Comment has been collapsed.
use two step authenthication wherever you can ;) Humble provides mobile authenthication, a lot of email providers offer 2 step verification with either mobile app or SMS verification and so on ;)
Comment has been collapsed.
Already did now, I wasn't aware of that at that point.
Comment has been collapsed.
Well that's news. Have you tried contacting their support?
Comment has been collapsed.
+1, I contacted support and they revoked some of my stolen games and returned them with new links to me. You should do the same.
Comment has been collapsed.
I figured there wasn't much point in contacting support, especially since I can't recall with certainty all the games that I believe were stolen, but I guess it's worth a shot. Thanks for the tip.
Comment has been collapsed.
they will require a list of games you believe were stolen so you must be pretty sure about them. Because they will reset the keys - meaning revoking used keys from steam and giving you a new set - so if for example by accident you tell them that key you gave away or traded got stolen - game will get removed from winner/trader and it wil make you look like a scammer.
Comment has been collapsed.
it's not a new thing ppl are stealing Humble Bundle accounts, so phone verification is the way to go.
Comment has been collapsed.
How on earth do these people manage to break into those accounts? :S
Comment has been collapsed.
some kind of security breach I believe - as at least in my case it couldn't be compromised email, as I have SMS verification set up in gmail plus I only lost keys from Humble and not from any other bundle site.
Comment has been collapsed.
Scary. Although I'm security conscious boy, the thought of untracked possessions like Humble keys getting compromised annoys me to no end.
I do have two steps verification, though.
Comment has been collapsed.
sorry to hear that. i'm setting 2 step verification..what is authy token?(my phone is dead can't get sms atm)
Comment has been collapsed.
Are you sure they have been used ? Did you try these keys ?
It could have something to do with this (check this comment)
Comment has been collapsed.
Hmm, interesting point. I can't say with certainty that's not the case, since I can't check whether the keys are used because I already have the games on my account, and trying them on a new account would mean redeeming them if they turn out to be unused, which defeats the purpose of checking.
Comment has been collapsed.
Well, depending on how many keys we are talking about, it could be worth sacrifying one of these for checking.
If the games we are talking about here are from old bundles that were using OAuth for redeeming, it is likely that the keys are shown because of this and are not actually used.
If they are from recent bundles, that's less likely. I only have 2 unused keys on my HB account, they are from a recent bundle and they have not been revealed.
Comment has been collapsed.
Uh, I'm also scared, well, only worried. Will try to increase the security.
Comment has been collapsed.
Have you tried refreshing the page? I am having problems with HB displaying unredeemed keys lately. It seems the loading progress is slow and each time I refresh there are more keys.
Comment has been collapsed.
I've checked the actual bundle pages and the keys are shown there, so they have been redeemed as far as HB is concerned. Whether they've actually been used on Steam I cannot know.
Comment has been collapsed.
Same.Sometimes the loading takes ages, sometimes it doesn't finish.
I still have some links from the time they used OAuth and have been making giveaways with them lately. Before sending these out to giveaway winners I like to check the link that I have saved in my text file of keys. I'm checking if it's still live and that it is in fact for the correct game.
When going to the key section on there if I type the name of the game it sometimes doesn't show the actual instance of the game I'm looking for. I remember the other the day there was a particular game I was giving away, I typed it's name in the search under the "keys" section and it found 2 results. Neither of them matched the link I had from my text file. So I did some research, found that the game had been in humble jumbo bundle 3 so I searched for the bundle instead under "purchases" and it found it there. All 3 instances of me having that game on humble were through me buying 3 copies of the humble jumbo 3 bundle so I don't know why it didn't show when doing a key search.
Edit: And in the time I took to type that, the OP replied to you so it doesn't sound like it is that.
Comment has been collapsed.
Thanks, I'm putting a question up there in a second 'cause I'm dumb and don't get it :p
Comment has been collapsed.
Did they just disappear or did they show up as used? I've been seeing only about half of my inventory lately right after logging in, but after refreshing a few times everything is back to normal.
Comment has been collapsed.
Their 2 step verification is fishy, requires 3rd party software installed on your mobile device. which i refused. besides i don't leave keys laying around. that's just asking for trouble in your case. and i use a prepaid credit card "That i can delete anytime to make a new card" which i top up with specific amount of funds when i want to purchase online.
Comment has been collapsed.
You can also use SMS for the two-step verification if you don't trust a third-party app. That's what I use.
Also, I don't subscribe to the "asking for trouble" viewpoint. It shifts the blame to the victim from the actual perpetrators of the crime.
Comment has been collapsed.
I was in the mood for making a giveaway today so I took a look at my unredeemed keys on Humble Bundle, and it seemed I had a lot less than I remembered. After some cross-referencing, I determined beyond doubt that most of my remaining keys have been mysteriously redeemed, and I am certain that I didn't do it since I have not made giveaways for those games nor did I give them to anyone. Unfortunately, I didn't know about the phone verification feature until now, so hopefully this kind of thing won't happen again.
So TL;DR: people are stealing keys from Humble Bundle accounts, make sure you use phone verification and a unique password for yours.
EDIT: Here's a giveaway for y'all.
Comment has been collapsed.