black friday 2019, dealmaster, IT Security, Nintendo Switch, ps4, tech, video games, Xbox One

Dealmaster: The best Black Friday gaming deals for PS4, Switch, and Xbox

The Nintendo Switch.

Enlarge / The Nintendo Switch. (credit: Photo Illustration by Guillaume Payen/SOPA Images/LightRocket via Getty Images)

Today is Black Friday, and that means a lot of video game deals. While the annual shopping event is still filled with offers that push mediocre products or prices that aren’t particularly low, many of the gaming deals the Dealmaster has found across various retailers are genuinely worth your time.

On the PlayStation side of things, that includes $100 off the 4K-ready PlayStation 4 Pro, with the standalone console and a bundle that includes Call of Duty: Modern Warfare currently down to $299. The standard “Slim” PS4, meanwhile, is down to $199; that’s about $80-100 off where we normally see it online, but Sony is packaging God of WarHorizon Zero Dawn: Complete Edition, and The Last of Us: Remastered with the console as part of its holiday season bundle. For context, those three games usually sit in the $10-20 range these days. (All of them are also pretty good, if you haven’t tried them already.) This deal does appear to be running out of stock pretty quickly, though.

A bundle of the company’s PlayStation VR headset that includes two games and two PlayStation Move motion controllers is also discounted to $250. That’s roughly a $100 discount and about as low as we see it at major retailers. An additional bundle that included five games but no Move controllers was available for $200 earlier this week, but that unfortunately looks to be out of stock at major retailers on Black Friday itself.

Read 8 remaining paragraphs | Comments

2-Step Verification, 2fa, Breach, bug, Cybercrime, games, gaming, humble bundle, IT Security, phish, Phishing, Security, Social Engineering, spear phishing, two-factor authentication, video games

Humble Bundle alerts customers to subscription reveal bug

You’ll want to check your mailbox if you have a Humble Bundle account, as they’re notifying some customers of a bug used to gather subscriber information.

bug notice

Click to enlarge

The mail reads as follows:

Hello,

Last week, we discovered someone using a bug in our code to access limited non-personal information about Humble Bundle accounts. The bug did not expose email addresses, but the person exploited it by testing a list of email addresses to see if they matched a Humble Bundle account. Your email address was one of the matches.

Now, this is the part of a breach/bug mail where you tend to say “Oh no, not again” and take a deep breath. Then you see how much of your personal information winged its way to the attacker.

Oh no, not again

For once, your name, address, and even your login details are apparently in safe hands. Either this bug didn’t expose as much as the attacker was hoping for, or they were just in it for the niche content collection.

The email continues:

Sensitive information such as your name, billing address, password, and payment information was NOT exposed. The only information they could have accessed is your Humble Monthly subscription status. More specifically, they might know if your subscription is active, inactive, or paused; when your plan expires; and if you’ve received any referral bonuses.

I should explain at this point. You can buy standalone PC games on the Humble store, or whatever book, game, or other collection happen to be on offer this week. Alternatively, you can sign up to the monthly subscription. With this, you pay and then every month you’re given a random selection of video game titles. They may be good, bad, or indifferent. You might already own a few, in which case you may be able to gift them to others. If you have  no interest in the upfront preview titles, you can temporarily pause your subscription for a month.

This is the data that the bug exploiter has obtained, which is definitely an odd and specific thing to try and grab.

Security advice from Humble Bundle

Let’s go back to the email at this point:

Even though the information revealed is very limited, we take customer trust very seriously and wanted to promptly disclose this to you. We want to make sure you are able to protect yourself should someone use the information gathered to pose as Humble Bundle.

As a reminder, here are some tips to keep your account private and safe:

  • Don’t share your password, personal details, or payment information with anyone. We will NEVER ask for information like that.
  • Be careful of emails with links to unfamiliar sites. If you receive a suspicious email related to Humble Bundle, please contact us via our support website so that we can investigate further and warn others.
  • Enable Two-factor authentication (2FA) so that even if someone gets your password, they won’t be able to access your account. You can enable2FA by following these instructions.

We sincerely apologize for this mistake. We will work even harder to ensure your privacy and safety in the future.

Good advice, but what’s the threat?

One could guess that the big risk here, then, is the potential for spear phishing. They could exploit this by sending mails to subscribers that their subscription is about to time out, or claim problems with stored card details. Throw in a splash of colour text regarding your subscription “currently being paused,” and it’s all going to look convincing.

Phishing is a major danger online, and we should do everything we can to thwart it. While the information exposed here isn’t as bad as it tends to be, it can still cause major headaches. Be on the lookout for dubious Humble mails, especially if they mention subscriptions. It’ll help to keep your bundle of joy from becoming a bundle of misery.

The post Humble Bundle alerts customers to subscription reveal bug appeared first on Malwarebytes Labs.