Kickstarter has been hacked - Users Urged to change passwords immediately

[WYP]

On Wednesday Kickstarter, a popular crowd funding site, was alerted to the presence of hackers by local law enforcement.

While no credit card information was accessed, customer information including; usernames, passwords, email addressed, mailing addresses and phone numbers were taken.

Kickstarter urge all of their users to change their passwords on their site and others which use the same password. So far only two accounts have been found to have had any unauthorised activity reported.

Kickstarter CEO Yancey Stricter issued this apology;

We’re incredibly sorry that this happened. We set a very high bar for how we serve our community, and this incident is frustrating and upsetting. We have since improved our security procedures and systems in numerous ways, and we will continue to do so in the weeks and months to come. We are working closely with law enforcement, and we are doing everything in our power to prevent this from happening again.

Kickstarter is a vibrant community like no other, and we can’t thank you enough for being a part of it. Please let us know if you have any questions, comments, or concerns. You can reach us at accountsecurity@kickstarter.com.

The security breach is now reported to have been fixed. It is concerning that Kickstarter had waited until now to announce that they had been hacked, I ,like all other Kickstarter users should, wonder why they had neglected to do so for so long?

I for one am angered that my account had lacked the protection of a password for 3 whole days.

I urge everyone here whom uses Kickstarter to work on changing their passwords immediately and look for any signs of activity which was not your own.

Source - Kickstarter

 

[CrazyTeeka]

Thanks for the heads up, goes to fix up my account. ^_^

 

[Snortan]

Just like many other businesses who are afraid to come out and say that they've been hacked, instead they try to sweep it under the rug and hope they fix it fast, worst case scenario they will admit to it.
There should be some penalties for cases like these.

 

[CrazyTeeka]

Meh! Its taking its sweet time, emailing a password reset.

 

[yassarikhan786]

Meh! Its taking its sweet time, emailing a password reset.

You should have just logged in and changed your password from there. It took less than a minute for me.

 

[CrazyTeeka]

Account secured. ^_^

 

[NeverBackDown]

I don't own any kickstarter account but if i did i would be tempted to change my email,password, and IP address so they can't trace it back to me.. but thats just me

 

[SeekaX]

ah well, was time to get some special characters in my password anyways.

 

[d3rrial]

Whats even more of a scandal: Why did they store the passwords unencrypted?

 

[Snortan]

Who said they did? Old passwords were stored as salted SHA1 hashes and new ones were secured using bcrypt.

 

[yassarikhan786]

Whats even more of a scandal: Why did they store the passwords unencrypted?

Encrypted passwords and other information was stolen. Credit card info is safe.

 

[NeverBackDown]

Encrypted passwords and other information was stolen. Credit card info is safe.

Rather have that safe than anything else tbh.

Also its not that hard to get by encrpytions smaller than 256bit if you know what you are doing. At least thats what i have been told...