Kickstarter was hacked.

SunnyD

Got an email this afternoon... looks like it's legit after logging in to the site.

On Wednesday night, law enforcement officials contacted Kickstarter and alerted us that hackers had sought and gained unauthorized access to some of our customers' data. Upon learning this, we immediately closed the security breach and began strengthening security measures throughout the Kickstarter system.

No credit card data of any kind was accessed by hackers. There is no evidence of unauthorized activity of any kind on all but two Kickstarter user accounts.

While no credit card data was accessed, some information about our customers was. Accessed information included usernames, email addresses, mailing addresses, phone numbers, and encrypted passwords. Actual passwords were not revealed, however it is possible for a malicious person with enough computing power to guess and crack an encrypted password, particularly a weak or obvious one.

As a precaution, we strongly recommend that you create a new password for your Kickstarter account, and other accounts where you use this password.

To change your password, log in to your Kickstarter account and look for the banner at the top of the page to create a new, secure password. We recommend you do the same on other sites where you use this password. For additional help with password security, we recommend tools like 1Password and LastPass.

We’re incredibly sorry that this happened. We set a very high bar for how we serve our community, and this incident is frustrating and upsetting. We have since improved our security procedures and systems in numerous ways, and we will continue to do so in the weeks and months to come. We are working closely with law enforcement, and we are doing everything in our power to prevent this from happening again.

Kickstarter is a vibrant community like no other, and we can’t thank you enough for being a part of it. Please let us know if you have any questions, comments, or concerns. You can reach us at accountsecurity@kickstarter.com.

Thank you,

Yancey Strickler
Kickstarter CEO
 

ImpulsE69

I changed mine to password. I should be safe now, it's been my password for everything else for a decade and never had issues.
 

imaheadcase

If they can guess my password they can have my account. It's autogenerated for each site I visit.
 

BrightCandle

I learnt on Hacker News that most of the passwords were stored unsalted sha1. Since they got away with the usernames and hashed passwords every single account is compromised already. Doesn't take long to brute force sha1 so those that haven't changed their passwords are open to whoever hacked it.

Kickstarter actually said the passwords were encrypted in their statement, but that was an outright and quite misleading lie. All accounts are compromised due to their idiotically poor password security.
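
An added example, not part of the thread and not Kickstarter's code: it contrasts the unsalted SHA-1 storage described in the post above with a salted, slow hash. PBKDF2-HMAC-SHA256, the iteration count, the record format and the sample accounts are all assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
from collections import defaultdict

PBKDF2_ITERATIONS = 600_000  # assumed work factor for this example


def legacy_sha1(password):
    """Unsalted SHA-1: the same password always yields the same digest."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def shared_digests(table):
    """Audit helper: group accounts by stored value; a group of more than
    one means those accounts visibly share a password."""
    groups = defaultdict(list)
    for user, stored in table.items():
        groups[stored].append(user)
    return {s: sorted(u) for s, u in groups.items() if len(u) > 1}


def hash_password(password):
    """Salted, slow hash with a fresh 16-byte random salt per account."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                             salt, PBKDF2_ITERATIONS)
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${dk.hex()}"


def verify_password(password, stored):
    """Recompute with the stored salt, then compare in constant time."""
    scheme, iterations, salt_hex, dk_hex = stored.split("$")
    if scheme != "pbkdf2_sha256":
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                             bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk, bytes.fromhex(dk_hex))


# Constructed sample accounts (not real data).
SAMPLE = {"alice": "correct horse", "bob": "password", "carol": "password"}

if __name__ == "__main__":
    weak = {u: legacy_sha1(p) for u, p in SAMPLE.items()}
    strong = {u: hash_password(p) for u, p in SAMPLE.items()}
    print("unsalted SHA-1, shared digests:", shared_digests(weak))
    print("salted PBKDF2, shared records:", shared_digests(strong))
```

With unsalted hashes, bob and carol end up with one identical digest, so a single guess applies to both; with per-account salts their records differ and each account has to be attacked separately at the full work factor.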
 

shortylickens

BrightCandle said:
I learnt on Hacker News that most of the passwords were stored unsalted sha1. Since they got away with the usernames and hashed passwords every single account is compromised already. Doesn't take long to brute force sha1 so those that haven't changed their passwords are open to whoever hacked it.

Kickstarter actually said the passwords were encrypted in their statement, but that was an outright and quite misleading lie. All accounts are compromised due to their idiotically poor password security.


Isn't that place supposed to be run by a bunch of nerds?