Kickstarter Hacked, Customer Data Exposed, Credit Card Info Reportedly Safe
If you’ve ever used Kickstarter, you should change your password immediately, as the site reports that it has been hacked. “On Wednesday night, law enforcement officials contacted Kickstarter and alerted us that hackers had sought and gained unauthorized access to some of our customers' data,” reads a Kickstarter email. “Upon learning this, we immediately closed the security breach and began strengthening security measures throughout the Kickstarter system.”
The company stated that no credit card information was stolen, although user information including usernames, passwords, email addresses--and even physical mailing addresses, phone numbers, and encrypted passwords. Thankfully, those passwords were encrypted (salted and digested multiple times with SHA-1, with more recent passwords hashed with bcrypt), but of course armed with all of your information, a hacker could possibly crack your password if it isn’t strong enough.
Worse, that’s a lot of phishing bait to lose track of.
Kickstarter was effusive in its apology and assured users that it has “since improved our security procedures and systems in numerous ways”. It’s also working with law enforcement on the situation,
One galling note about this hack, though, is that Kickstarter knew about it as early as Wednesday night and just got around to telling customers about it. (I received an email just within the last hour.) That’s two and half days of head start for those who pilfered user data.
The company stated that no credit card information was stolen, although user information including usernames, passwords, email addresses--and even physical mailing addresses, phone numbers, and encrypted passwords. Thankfully, those passwords were encrypted (salted and digested multiple times with SHA-1, with more recent passwords hashed with bcrypt), but of course armed with all of your information, a hacker could possibly crack your password if it isn’t strong enough.
Worse, that’s a lot of phishing bait to lose track of.
Kickstarter was effusive in its apology and assured users that it has “since improved our security procedures and systems in numerous ways”. It’s also working with law enforcement on the situation,
One galling note about this hack, though, is that Kickstarter knew about it as early as Wednesday night and just got around to telling customers about it. (I received an email just within the last hour.) That’s two and half days of head start for those who pilfered user data.
