BundleStars has reset all users passwords as a precaution..

[balloonshark]

I just received this email from BundleStars. It doesn't look like the breaches are their fault from the text I underlined below. If you had a unique password for BundleStars it looks like your account should be fine.

We have noticed attempts to access Bundle Stars customer accounts by entering, what we believe to be, stolen email address and password combinations, so we have taken the precaution of resetting all user passwords across the website. Customers' financial information, such as PayPal, credit or debit card details is not stored on the Bundle Stars website, so has NOT been compromised and is not at risk.

We have reason to believe that a number of customer accounts may have been accessed without the permission of the account holder. We think it is likely that an individual or individuals obtained, from the public domain, a list of compromised accounts which have been stolen from other websites.

If your account has been affected, then your email address, password, order history and purchased Steam keys may have been accessed.

Next time you sign in, you will be required to change your password. You will then be able to access your account and order history as normal.

WHEN ENTERING YOUR NEW PASSWORD WE STRONGLY RECOMMEND THAT, TO PROTECT YOUR ACCOUNT, YOU USE A UNIQUE AND PREVIOUSLY UNUSED PASSWORD.

We would also encourage you to update your password across any other websites where you have used the same or similar passwords, and do this as soon as you possibly can.

If your previous email and password combination was unique to Bundle Stars, then your account will not have been affected.

We apologise for the inconvenience and concern that this may have caused you as a member of the Bundle Stars community. We have acted quickly to investigate and take security precautions to protect our customers by removing all passwords so that every customer must choose a new password. We also invalidated the session so that all customers were logged out, and implemented reCAPTCHA.

It is important to stress that our investigation indicates that this breach has not been caused by any compromise of our internal security systems but has been caused by an attack by an individual or individuals that have obtained user and password details from compromised accounts stolen from other websites. Robust security systems and processes are critical to our service and we continuously invest in our information security system to meet evolving threats.

If you have any concerns about your account, please click here to view our FAQ page, or alternatively please contact our support team: support@bundlestars.com

Thank you for your understanding on this matter, and we apologise unreservedly for any inconvenience.

The Bundle Stars Team

 

[Raduque]

I haven't gotten that email.

 

[ImpulsE69]

I did.

 

[sweenish]

This is the second time a service gets compromised after I finally give them information.

PSN shortly after I finally added a credit card, and now this. At least my payment information wasn't touched. After PSN, I had to get a new credit card.

 

[balloonshark]

This is the second time a service gets compromised after I finally give them information.

PSN shortly after I finally added a credit card, and now this. At least my payment information wasn't touched. After PSN, I had to get a new credit card.

BundleStars did not get compromised. Read the quote. It sounds like another site or sites got compromised and the users were using the same password for two or more sites which is a bad idea.

 

[sweenish]

I read the email.

They felt it was serious enough to reset everyone's password. Close enough for me, since the hassle is the same. Nothing I hate more than this when it comes to e-commerce.