Another Game Company Encourages a Bad Email Habit
Explained | News

Another Game Company Encourages a Bad Email Habit

Posted: April 17, 2014 by Jovi Umawing

In response to AWS’s announcement that several of their services were found vulnerable to the Heartbleed bug, GearBox Software, the makers of the popular Half-Life and Borderlands series, urged their community of Borderlands 2 gamers to update their passwords.

Game developers informing their community of gamers, whether about a potential breach in their systems or the latest news about their most loved games, is the right thing to do. However, GearBox executed their notification email in poor form:

“Dear SHiFT user”

From: noreply@gearboxsoftware.com

Subject: SHiFT Security Notice

SHiFT is GearBox’s is a platform where they reward their gaming community with in-game freebies: keys and character loot, to name a few. Anyone with a SHiFT account can link to their Steam, XBox Live and other accounts under Sony Entertainment.

And, yes, the email above is legit.

Once  users click the “Reset Password” button, it leads them to a page saying that a password reset mail has been sent to their mails.

Change password here

Change password here

From: shift@gearboxsoftware.com

Subject: Reset password instructions

This, too, is legit.

Since everything above has been good so far, you may be wondering what I’m really getting at. Including a link in the mail to reset the user’s password can potentially fosters them to act similarly towards potentially dangerous emails like spam and phishing mails.

I understand that links in mails can be convenient, but once security of data is at stake, it’s better for game companies to inform users to visit their official page and make the necessary changes there.

Almost a year ago, Ubisoft was compromised and account credentials were stolen. Immediately after this, the company sent out notifications to users to update their password. The email, as you may have known by now, contains a reset link.

I wish to reiterate what we have been telling our readers since time immemorial: never click links on emails. If you know a company who is doing this, or still continues to, I think it won’t hurt to call them out.

Other related post/s:

Jovi Umawing

RELATED ARTICLES

Fishing in a lake
Cybercrime

Law enforcement reels in phishing-as-a-service whopper

April 18, 2024 - A major international law enforcement effort has disrupted the notorious LabHost phishing-as-a-service platform.

CONTINUE READING 0 Comments
Cerebral logo
News | Privacy

Mental health company Cerebral failed to protect sensitive personal data, must pay $7 million

April 18, 2024 - The Federal Trade Commission (FTC) has reached a settlement with online mental health services company Cerebral after the company was charged with failing to secure and protect sensitive health data.

CONTINUE READING 0 Comments
JuicyFields investment scam
News | Scams

Cannabis investment scam JuicyFields ends in 9 arrests

April 18, 2024 - JuicyFields was an investment scam that urged victims to invest in cannabis production.

CONTINUE READING 0 Comments
A mobile phone in the hands of a young woman in a dark colored t-shirt.
Privacy

Should you share your location with your partner?

April 17, 2024 - Location sharing is popular among couples. But is it something you want in your own relationship?

CONTINUE READING 0 Comments
Giant Tiger logo
News | Personal

Giant Tiger breach sees 2.8 million records leaked

April 16, 2024 - A threat actor claims to be in possession of 2.8 million records originating from a hack at Canadian retail chain Giant Tiger

CONTINUE READING 0 Comments

ABOUT THE AUTHOR

Jovi Umawing

Jovi Umawing

Knows a bit about everything and a lot about several somethings. Writes about those somethings, usually in long-form.

Contributors icon

Contributors

Threat Center icon

Threat Center

Podcasts icon

Podcast

Glossary icon

Glossary

Scams icon

Scams