Kickstarter hacked, credit card data untouched but password change required

Sunday, 16th February 2014 21:43 GMT By Brenna Hillier

Kickstarter has advised registered users of a security breach, and while it has already taken steps to close the loop and nothing too sensitive was obtained by the hackers, it’s best that you change your password immediately.

Kickstarter was alerted to the hack by law enforcement officials on Wednesday last week, and has already both patched the hole the hackers used and begun implementing more rigorous security measures.

The hackers gained access to usernames, email addresses, mailing addresses, phone numbers, and encrypted passwords. Although the passwords were encrypted, Kickstarter is recommending users change their log-in, as encryption is not impossible to bypass – and you should also refresh your password on any site you use the same log-in details for.

Kickstarter has not detected any fraudulent activity on accounts as a result of the hack, and credit card information was not accessed, thankfully.

“We’re incredibly sorry that this happened. We set a very high bar for how we serve our community, and this incident is frustrating and upsetting. We have since improved our security procedures and systems in numerous ways, and we will continue to do so in the weeks and months to come,” Kickstarter wrote.

“We are working closely with law enforcement, and we are doing everything in our power to prevent this from happening again.”

1 Comments

  1. TheWulf

    Sigh. Does no one understand how to properly encrypt data any more? Not only that, but I’d be completely okay with an open source application standard, one shared across the majority of sites, which locks down an account to a user’s computer and IP. Sort of like how Steam very intelligently handles things.

    I’m amazed that this isn’t already a standard, honestly. I’m half tempted to patent the idea, but I know that there are patents for this sort of thing out there already. Yet no product exists. This is silly. One client application is all you’d need — and instead of typing in a password every time, as insecure as they are, you’d push a button.

    Passwords feel as quaint and outdated at this point as level codes in old 8-bit cartridges, before we had save files. There really needs to be a new standard to replace them, and it wouldn’t even be hard. Until that happens, I’m just going to go on feeling like we’re living in the dark ages.

    Hell, we could even tie it in with a piece of hardware. Keep the specifications open and you could have multiple providers selling their own versions, much like you do with PCs. Push a button on the USB stick, login, boom, done.

    It’s just really silly that we’re still using passwords and poorly encrypted password data. That was fine in the ’90s, but it’s 2014 now. Smartphones have come and almost gone, ready to be replaced by the next big thing.

    Sorry, I just feel the need to talk about this whenever it comes up.

    #1 10 months ago

Comments are now closed on this article.