Kickstarter hacked, customer information compromised

Shawn Knight


Add Kickstarter to the growing list of sites that have recently been hacked. The crowdfunding website’s CEO, Yancey Strickler, announced the security breach via blog post on Saturday and thankfully, it doesn’t appear as though too much damage was done.

Kickstarter was first made aware of the hack by law enforcement officials on Wednesday night. Although the attackers were able to access select customer data, no credit card data was compromised during the attack. What’s more, the company tells us there is no evidence of unauthorized activity of any kind on all but two Kickstarter user accounts.

Hackers did manage to gain access to usernames, e-mail addresses, mailing addresses, phone numbers and encrypted passwords, however. Actual passwords were not revealed although it is possible for someone with enough computing power to use brute force to crack encrypted passwords, especially those that are weak or obvious.
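The cracking risk the article describes depends on how the "encrypted passwords" were stored. The following added example (not from the article and not Kickstarter's actual scheme; the hashing schemes, iteration count and guess list are assumptions) contrasts a fast unsalted hash, where a handful of obvious guesses already recovers a weak password, with a salted, slow PBKDF2 hash that makes every guess cost far more:

```python
import hashlib
import hmac
import os
import time

# Constructed illustration (assumption, not Kickstarter's real scheme): two ways a
# site might store the "encrypted passwords" mentioned in the article.
COMMON_GUESSES = ["password", "1234", "letmein", "qwerty", "kickstarter"]
PBKDF2_ITERATIONS = 200_000  # assumed work factor for the slow scheme

def fast_hash(password: str) -> str:
    """Unsalted SHA-256: one cheap operation per guess for whoever holds the dump."""
    return hashlib.sha256(password.encode()).hexdigest()

def slow_hash(password: str, salt: bytes, iterations: int = PBKDF2_ITERATIONS) -> bytes:
    """Salted PBKDF2-HMAC-SHA256: every guess costs `iterations` HMAC evaluations."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)

def verify_slow(password: str, salt: bytes, stored: bytes) -> bool:
    """Constant-time comparison so verification itself leaks nothing via timing."""
    return hmac.compare_digest(slow_hash(password, salt), stored)

def weak_password_in_dump(stored_fast_hash: str, guesses=COMMON_GUESSES):
    """Defender-side audit: does a tiny list of obvious passwords already match
    this fast, unsalted hash? Returns the matching password or None."""
    for guess in guesses:
        if hmac.compare_digest(fast_hash(guess), stored_fast_hash):
            return guess
    return None

def per_guess_cost_ratio(samples: int = 3) -> float:
    """How many fast hashes fit in the time of one slow hash (rough, machine-dependent)."""
    salt = os.urandom(16)
    t0 = time.perf_counter()
    for _ in range(samples):
        slow_hash("x", salt)
    slow = (time.perf_counter() - t0) / samples
    t0 = time.perf_counter()
    for _ in range(samples * 1000):
        fast_hash("x")
    fast = (time.perf_counter() - t0) / (samples * 1000)
    return slow / fast

if __name__ == "__main__":
    print("weak user:", weak_password_in_dump(fast_hash("password")))
    print("strong user:", weak_password_in_dump(fast_hash("gX7#pL9!vQ2m")))
    print("slow scheme makes each guess ~%.0fx more expensive" % per_guess_cost_ratio())
```

The ratio printed last is the reason a unique, non-obvious password per site plus a slow salted hash turns a leaked dump from an immediate problem into a much more expensive one.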

The company said they immediately closed the security breach and began strengthening security measures throughout the entire network as soon as they learned of the attack. They waited until Saturday to announce the breach in order to have time to thoroughly investigate the situation, Strickler said.

As a precaution, Kickstarter strongly recommends that all users create a new password for their Kickstarter account as well as any other account that may have used the same password. The company also reset all Facebook login credentials for those that use the social network to log into Kickstarter. These users can simply reconnect when they come back to Kickstarter, we’re told.


 
The issue with these companies' security policies is that they're reactive, not proactive. They wait until they've been hacked to do a security overhaul, instead of investing a small (when comparing to the cost of a security breach) amount of money each year for a security audit of their systems.
 
"......began strengthening security measures throughout the entire network"

I wonder what that really means; were they not providing the best available security for user accounts before?
 
@techseven
I don't think it's a matter of them not trying to provide the best protection before. More likely that there was a security vulnerability present in their system that they hadn't originally known about or conceived of to try and protect. Then when they were hacked, they work out how it happened, and then plug the hole.

@Nima304
While being more proactive would certainly reduce the risk and probability of a breach, it's certainly no guarantee. Especially given how far these attackers will go to gain access, and the sophistication of the attacks themselves. Without further comment on how exactly the attackers got the data (whether from some basic security flaw, or something extremely advanced) it's unfair to assume that the company wasn't doing everything it reasonably could do to try and protect against known attack vectors.
 
Everyone in the world should use the password 'password' and pin number '1234'.

If it's that damn obvious then there is no information left to steal.

We know that privacy is dead (didn't Snowden tell us), so what does it matter who knows what about you. We should act as if we have no secret place anyway, unless you hide in your cupboard.

Use cash, not digital currency (and that goes for Bitcoin too).

Shop locally, as all the useless stuff you bought off eBay just helped develop China's economy, not yours.

And most importantly, close your Facehook/Twatter accounts and turn off your PC/Tablet/Phone.

What on earth did people do in the 80's? Well, they certainly didn't drop dead from boredom or get hacked, stolen passwords, suicide live on webcam or be electronically stalked.

Figure it out for yourself. Don't be a target. Don't be a statistic for Google/Farcebook/MS/Apple/etc.

Rediscover your family. Rediscover yourself. Rediscover reality.

It's time to 'iTurn off, iTune out and Drop in'...
 
The issue with these companies' security policies is that they're reactive, not proactive. They wait until they've been hacked to do a security overhaul, instead of investing a small (when comparing to the cost of a security breach) amount of money each year for a security audit of their systems.
I agree.
 
Exactly why I never give my real phone number when signing up for things. It drives the pizza delivery people crazy when I've given a fake number when ordering online and they have tried calling because they can't find the house. It's too bad, but I don't want my number going missing in some data hack and getting scam phone calls.
 
Guest said:
Use cash, not digital currency (and that goes for Bitcoin too).

Cash is useless if you need to purchase items online or pay a monthly cell phone bill.

Guest said:
Shop locally, as all the useless stuff you bought off eBay just helped develop China's economy, not yours.

Again, shopping locally is useless if the items you need are only available online.
 
See, another article that goes to prove beyond a doubt that supporters of "cloud computing" have been right in their beliefs, that "the cloud" is the one true future of the information age!

I'm going to log off here, and go leave my personal information in as many places on the internet as I possibly can.

After all, I did want to be one more roadblock to the future!:D
 