Sometimes a basic data breach is just the first step in a larger campaign.

That appears to be the case with the gaming subscription site Humble Bundle, which began informing its customers of a data breach that may have exposed a person’s subscription status, Malwarebytes reported. While on the outside this appears to be a basic attack, Malwareybytes’ researcher Christopher Boyd thinks there could be more behind it.

“More specifically, they might know if your subscription is active, inactive, or paused; when your plan expires; and if you’ve received any referral bonus,” Humble Bundle’s customer email stated, adding no payment card, billing addresses and password were not exposed.

The malicious actor evidently used a vulnerability in the system that was combined with a credential stuffing attack that pushed a list of email addresses against Humble Bundle to see if they could be used to gain access, the company said.

Boyd questioned the value of the data gathered by the attacker, but did broach the idea it could be used in a follow up attack that would prove more profitable.

“One could guess that the big risk here, then, is the potential for spear phishing. They could exploit this by sending mails to subscribers that their subscription is about to time out, or claim problems with stored card details. Throw in a splash of colour text regarding your subscription “currently being paused,” and it’s all going to look convincing,” he wrote.