Kickstarter hacked, customer information compromised

By on February 15, 2014, 6:45 PM
hacking, attack, theft, breach, kickstarter, crowdsourced

Add Kickstarter to the growing list of sites that have recently been hacked. The crowdfunding website’s CEO, Yancey Strickler, announced the security breach via blog post on Saturday and thankfully, it doesn’t appear as though too much damage was done.

Kickstarter was first made aware of the hack by law enforcement officials on Wednesday night. Although the attackers were able to access select customer data, no credit card data was compromised during the attack. What’s more, the company tells us there is no evidence of unauthorized activity of any kind on all but two Kickstarter user accounts.

Hackers did manage to gain access to usernames, e-mail addresses, mailing addresses, phone numbers and encrypted passwords, however. Actual passwords were not revealed although it is possible for someone with enough computing power to use brute force to crack encrypted passwords, especially those that are weak or obvious.

The company said they immediately closed the security breach and began strengthening security measures throughout the entire network as soon as they learned of the attack. They waited until Saturday to announce the breach in order to have time to thoroughly investigate the situation, Strickler said.

As a precaution, Kickstarter strongly recommends that all users create a new password for their Kickstarter account as well as any other account that may have used the same password. The company also reset all Facebook login credentials for those that use the social network to log into Kickstarter. These users can simply reconnect when they come back to Kickstarter, we’re told.




User Comments: 7

Got something to say? Post a comment
1 person liked this | Nima304 said:

The issue with these companies' security policies is that they're reactive, not proactive. They wait until they've been hacked to do a security overhaul, instead of investing a small (when comparing to the cost of a security breach) amount of money each year for a security audit of their systems.

techseven said:

"......began strengthening security measures throughout the entire network"

I wonder what that really means, where they not providing the best available security for user accounts before?

2 people like this | Guest said:

@techseven

I don't think it's a matter of them not trying to provide the best protection before. More likely that there was a security vulnerability present in their system that they hadn't originally known about or conceived of to try and protect. Then when they were hacked, they work out how it happened, and then plug the hole.

@Nima304

While being more proactive would certainly reduce the risk and probability of a breach, it's certainly no guarantee. Especially given how far these attackers will go to gain access, and the sophistication of the attacks themselves. Without further comment on how exactly the attackers got the data (whether from some basic security flaw, or something extremely advanced) it's unfair to assume that the company wasn't doing everything it reasonably could do to try and protect against known attack vectors.

Guest said:

Everyone in the world should use the password 'password' and pin number '1234'.

If it's that damn obvious then there is no information left to steal.

We know that privacy is dead (didn't Snowden tell us), so what does it matter who knows what about you. We should act as if we have no secret place anyway, unless you hide in your cupboard.

Use cash, not digital currency (and that goes for Bitcoin too).

Shop locally, as all the useless stuff you bought off eBay just helped develop China's economy, not yours.

And most importantly, close your Facehook/Twatter accounts and turn off your PC/Tablet/Phone.

What on earth did people do in the 80's? Well, they certainly didn't drop dead from boredom or get hacked, stolen passwords, suicide live on webcam or be electronically stalked.

Figure it out for yourself. Don't be a target. Don't be a statistic for Google/Farcebook/MS/Apple/etc.

Rediscover your family. Rediscover yourself. Rediscover reality.

It's time to 'iTurn off, iTune out and Drop in'...

JC713 JC713 said:

The issue with these companies' security policies is that they're reactive, not proactive. They wait until they've been hacked to do a security overhaul, instead of investing a small (when comparing to the cost of a security breach) amount of money each year for a security audit of their systems.

I agree.

gobbybobby said:

Exactly why I never give my real phone number when signing up for things, drives the pizza delivery people crazy when ive given a fake number when ordering online and they have tried calling because they can't find house, its too bad I don't want my number going missing in some data hack and getting scam phone calls.

Guest said:

Use cash, not digital currency (and that goes for Bitcoin too).

Cash is useless if you need to purchase items online or pay monthly cell phone bill.

Shop locally, as all the useless stuff you bought off eBay just helped develop China's economy, not yours.

Again, shopping locally is useless if the items you need are only available online.

captaincranky captaincranky, TechSpot Addict, said:

See, another article that goes to prove beyond a doubt that supporters of "cloud computing" have been right in their beliefs, that "the cloud" is the one true future of the information age!

I'm going to log off here, and go leave my personal information in as many places on the internet as I possibly can.

After all, I did want to be one more roadblock to the future!:oops:

Load all comments...

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.