Kickstarter hacked

dreamers75

On Wednesday night, law enforcement officials contacted Kickstarter and alerted us that hackers had sought and gained unauthorized access to some of our customers' data. Upon learning this, we immediately closed the security breach and began strengthening security measures throughout the Kickstarter system.

No credit card data of any kind was accessed by hackers. There is no evidence of unauthorized activity of any kind on your account.

While no credit card data was accessed, some information about our customers was. Accessed information included usernames, email addresses, mailing addresses, phone numbers, and encrypted passwords. Actual passwords were not revealed, however it is possible for a malicious person with enough computing power to guess and crack an encrypted password, particularly a weak or obvious one.

As a precaution, we strongly recommend that you change the password of your Kickstarter account, and other accounts where you use this password.

To change your password, log in to your account at Kickstarter.com and look for the banner at the top of the page to create a new, secure password. We recommend you do the same on other sites where you use this password. For additional help with password security, we recommend tools like 1Password and LastPass.

We’re incredibly sorry that this happened. We set a very high bar for how we serve our community, and this incident is frustrating and upsetting. We have since improved our security procedures and systems in numerous ways, and we will continue to do so in the weeks and months to come. We are working closely with law enforcement, and we are doing everything in our power to prevent this from happening again.

Kickstarter is a vibrant community like no other, and we can’t thank you enough for being a part of it. Please let us know if you have any questions, comments, or concerns. You can reach us at accountsecurity@kickstarter.com.

Thank you,

Yancey Strickler
Kickstarter CEO

I got this email but fairly sure I have never kick started anything

On Gizmodo too

http://gizmodo.com/uh-oh-kickstarters-ceo-yancey-strickler-says-that-the-1523614348

Pushtrak

I log in using facebook, and had an issue where I was being logged out of that a couple of times. Pretty much whenever I refreshed. I changed the password pretty damn quick.

Antar Bolaeisk

Why did it take so long for them to tell us instead of waiting around for a few days just in case the problem went away. Fair enough they may not have immediately know the scope of the hack but they would have known that people should be immediately informed to change their passwords regardless of the extent of information retrieved.

Kickstarter don't even have the date their security was compromised, just the day the police informed them that they were hacked.

The site was hacked, it happens, but companies should be quicker to respond when it does.

nesf

Some more details here: https://www.kickstarter.com/blog/important-kickstarter-security-notice

I'm not hugely affected, I log in through Facebook and even if I didn't the encryption they're using on their password files means only the low hanging fruit should be cracked. The salt isn't important but the multiple hashing with SHA-1 will mean it'll take an unreasonably long time to crack long, non-common, passwords. Anyone using simple word or word + one number passwords needs to change them ASAP, those will be compromised. Everyone else should too, just as a precaution.

Kirby

I'd echo Antar's frustration. I got the email at 8:42am this morning and changed instantly.....but my diligence is irrelevant because the hackers have had my information for at least four days! Why wasn't this sent out immediately? :mad:

TheChrisD

Didn't get any email about this, probably because all of my email options are turned off. Although major security issues such as this should warrant an email regardless of preferences.

Then again my account is a Facebook login, so I'm not worried.