Kickstarter Hacked, Customer Information Compromised

Steven Bogos

The Taco Man
Jan 17, 2013


Kickstarter, the major crowdfunding service for video games and more, has been hacked.

Well, we've got another big-name corporation to add to the "has been hacked" list, and this time it's crowdfunding giant Kickstarter. Kickstarter has announced on its blog that hackers had found their way into certain parts of its database last Wednesday. The good news is that no credit-card or payment info was accessed, but the bad news is that some customers' usernames, email addresses, mailing addresses, phone numbers, and encrypted passwords were.

"We're incredibly sorry that this happened. We set a very high bar for how we serve our community, and this incident is frustrating and upsetting. We have since improved our security procedures and systems in numerous ways, and we will continue to do so in the weeks and months to come. We are working closely with law enforcement, and we are doing everything in our power to prevent this from happening again."

Kickstarter stresses that only encrypted passwords, and not actual passwords, were accessed, but added that "it is possible for a malicious person with enough computing power to guess and crack an encrypted password, particularly a weak or obvious one." It suggested as a precaution that everyone change their password, just to be safe.

Furthermore, Kickstarter was happy to answer some of the most frequent questions it was getting from its customers on its blog, specifically:

Passwords were protected in one of two ways. Old passwords were salted and hashed with the SHA-1 algorithm, and newer passwords were hashed with bcrypt.
It took 4 days to alert customers because they had to wait until they'd "thoroughly investigated the situation."
Two accounts showed (unspecified) unauthorized activity; both of those accounts have been re-secured.
If you use Facebook to log in to Kickstarter, the company says your FB account hasn't been compromised. They've reset all Facebook tokens, which severs any ties Kickstarter has to your Facebook account until you manually give it permission again.

Source: TechCrunch [https://www.kickstarter.com/blog?ref=footer]
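
As an added example (not from the article or from Kickstarter), here is one way a site holding both password formats named above can verify each and move legacy salted SHA-1 records to a slow hash at the next successful login. PBKDF2 from Python's standard library stands in for bcrypt, and the record layout, function names and iteration count are assumptions.

```python
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 600_000  # assumed work factor; raise it as hardware improves

def legacy_sha1_record(password: str, salt: bytes) -> str:
    """Old scheme (assumed layout): a single SHA-1 over salt + password."""
    digest = hashlib.sha1(salt + password.encode()).hexdigest()
    return f"sha1${salt.hex()}${digest}"

def slow_record(password: str, iterations: int = PBKDF2_ITERATIONS) -> str:
    """New scheme: fresh random salt plus a deliberately slow KDF."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2${iterations}${salt.hex()}${dk.hex()}"

def verify(password: str, record: str) -> bool:
    """Check a password against either record format in constant time."""
    try:
        scheme, *fields = record.split("$")
        if scheme == "sha1":
            salt_hex, expected = fields
            salt = bytes.fromhex(salt_hex)
            actual = hashlib.sha1(salt + password.encode()).hexdigest()
        elif scheme == "pbkdf2":
            iters, salt_hex, expected = fields
            actual = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                         bytes.fromhex(salt_hex), int(iters)).hex()
        else:
            return False
        return hmac.compare_digest(actual, expected)
    except (ValueError, TypeError):  # malformed record: fail closed
        return False

def needs_upgrade(record: str) -> bool:
    scheme, *fields = record.split("$")
    return scheme != "pbkdf2" or int(fields[0]) < PBKDF2_ITERATIONS

def login(db: dict, user: str, password: str) -> bool:
    record = db.get(user)
    if record is None or not verify(password, record):
        return False
    if needs_upgrade(record):  # the plaintext is only available at login time
        db[user] = slow_record(password)
    return True

if __name__ == "__main__":
    # Constructed sample account stored under the old scheme.
    db = {"alice": legacy_sha1_record("correct horse", os.urandom(8))}
    print(login(db, "alice", "correct horse"), db["alice"].split("$")[0])
```

Accounts that never log in again keep their SHA-1 record under this scheme, so they still need a forced reset or similar handling.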


soulfire130

New member
Jun 15, 2010
Well that stinks. So much hacking going on recently. Either security is not as good anymore or hackers are really working hard.
 

Slegiar Dryke

New member
Dec 10, 2013
soulfire130 said:
Well that stinks. So much hacking going on recently. Either security is not as good anymore or hackers are really working hard.
Just like computer hardware and differing brands, network/server/account/etc security, and hacking tools, battle for who can be stronger....but yeah, so much hax.....
 

Kopikatsu

New member
May 27, 2010
soulfire130 said:
Well that stinks. So much hacking going on recently. Either security is not as good anymore or hackers are really working hard.
Security will always be second rate compared to hacking in the same way that weapon technology will always be superior to armor.

IE it's really impossible to be completely safe. All additional security really does is serve as a deterrent for those who aren't particularly willful. But if someone wants to get in, then they'll get in eventually.
 

Neverhoodian

New member
Apr 2, 2008
Dammit, time to change my Kickstarter password.

The only thing I used it for was to back Armikrog. No good deed goes unpunished.
 

soulfire130

New member
Jun 15, 2010
Kopikatsu said:
soulfire130 said:
Well that stinks. So much hacking going on recently. Either security is not as good anymore or hackers are really working hard.
Security will always be second rate compared to hacking in the same way that weapon technology will always be superior to armor.

IE it's really impossible to be completely safe. All additional security really does is serve as a deterrent for those who aren't particularly willful. But if someone wants to get in, then they'll get in eventually.

True. There will never be complete security.

But it seems they're going all out in the beginning of the year though. First Target, now Kickstarter.

It could be worse though.
 

Somethingfake

New member
Oct 22, 2008
I don't really see why they waited four days. They could still advise that because something funky is going on, that to be safe you should change passwords. That allows them to continue investigating the breach and give a full update when they have it and still let the customers protect themselves as quick as quickly.
 

Artemicion

Need superslick, Kupo.
Dec 7, 2009
Somethingfake said:
I don't really see why they waited four days. They could still advise that because something funky is going on, that to be safe you should change passwords. That allows them to continue investigating the breach and give a full update when they have it and still let the customers protect themselves as quick as quickly.
Maintaining complete transparency during an investigation will make solving it more difficult. It would throw the userbase into a panic, which would create increased traffic on the servers, and several groups would likely take credit for the attack (as they've been known to do). Remaining open about how one's company operates is generally a good thing, but maintaining the company's information confidentiality, integrity and availability should always take priority.
 

Genocidicles

New member
Sep 13, 2012
I know this is bad and all (I've backed several things on there myself)... but I just can't take this seriously because of that ridiculous stock photo. I just get the giggles every time I look at it.
 

LordLundar

New member
Apr 6, 2004
soulfire130 said:
Well that stinks. So much hacking going on recently. Either security is not as good anymore or hackers are really working hard.
Security will always be in second place because it can't protect against what isn't known. Build a better mousetrap and you'll get smarter mice.
 

Strazdas

Robots will replace your job
May 28, 2011
soulfire130 said:
Well that stinks. So much hacking going on recently. Either security is not as good anymore or hackers are really working hard.
As was shown back when people tried to hack Paypal, you can actually run a service with no security and if it gets breached sue the hacker for the money it costs to upgrade security and win the court case. So I guess more companies want free security upgrades too!

Yeah, but most people in the business really got no idea how to do things securely enough against professional hackers. And even then you are never completely safe. People do break even into Pentagon database.