Kickstarter Hacked, Customer Data Accessed

Posted by at 12:26 pm on February 17, 2014

Kickstarter LogoCustomer data from popular crowd-funding site Kickstarter, famous for helping launch the Ouya and Pebble smart watch, has been taken by hackers, the company has revealed. Usernames, e-mail addresses, mailing addresses, phone numbers, and encrypted passwords of a number of accounts were accessed in the intrusion, though the company stresses in a blog post that payment information, such as partial credit card numbers, were not taken in the attack.

It was not revealed how the site was breached, but it is said that the vulnerability was closed on Wednesday after law enforcement officials contacted Kickstarter. The extent of the attack appears to be minimal as a later update states that just two accounts were compromised, with the company helping the account holders secure their details, but the company is still taking precautions in case more are affected.

Since passwords were taken in the intrusion, Kickstarter CEO Yancey Strickler strongly recommends “that you create a new password for your Kickstarter account, and other accounts where you use this password.” Older passwords were “uniquely salted and digested with SHA-1 multiple times,” with newer passwords hashed with bcrypt. Full credit card numbers were not stored on the site, except for the last four digits and expiry dates of credit cards for users outside of the US, but this was not accessed. The site has also reset all Facebook credentials as an extra precaution, with users of the social network’s login feature needing to reconnect their account.

The hacking of Kickstarter comes after a number of other high-profile intrusions in recent months.

Leave a Reply

Sign Up For Our Newsletter

Sign up to receive breaking news
as well as receive other site updates

Enter your Email

Preview | Powered by FeedBlitz

Log in

Copyright © 2008 - 2020 · StreetCorner Media , LLC· All Rights Reserved ·