Over the past couple of days, PC users with an account at Bundle Stars may have noticed some suspicious-looking password reset emails hit their inbox. However, as the company noted on Twitter yesterday, these emails are legit. Bundle Stars and parent company Focus Multimedia Ltd. are prompting all users to set new, unique passwords, due to a potential leak.
"Focus Multimedia's security processes led to the detection of irregular account activity," reads the official statement sent to Shacknews. "On investigation, Focus Multimedia has identified that some customer accounts may have been accessed without the account holders’ permission. It is thought likely that an individual or individuals has/have obtained a list of compromised email and password combinations which have been stolen from other websites. Attempts have been made to access Bundle Stars accounts by entering these email address and password combinations."
Focus is stating that this is a proactive measure and that no financial information has been compromised. Affected accounts may have had their order history and purchased serial keys accessed without permission, but stored payment information was not affected. Those that have had their accounts accessed have been contacted in separate emails by Focus, so if you've only received the password reset prompt, you are safe.
"We apologise for the inconvenience and concern that this may have caused to the Bundle Stars community,” Focus Multimedia Managing Director Craig Johnson added later in the statement. "We take our responsibilities regarding customer data extremely seriously, and we have acted quickly to resolve the issue and ensure the security of our customers. An extensive forensic investigation into this malicious activity is ongoing. It is important to stress that any data theft has not been caused by a compromise of our e-commerce platform. Robust security systems and processes are critical to our service and we continuously invest in our infrastructure to meet evolving threats."