JamesD

Kickstarter security breach

I just received the following email, supposedly from Kickstarter.

It appears legit given the lack of any phishing links that I can see.

 

----------------------

On Wednesday night, law enforcement officials contacted Kickstarter and alerted us that hackers had sought and gained unauthorized access to some of our customers' data. Upon learning this, we immediately closed the security breach and began strengthening security measures throughout the Kickstarter system.

 

No credit card data of any kind was accessed by hackers. There is no evidence of unauthorized activity of any kind on your account.

 

While no credit card data was accessed, some information about our customers was. Accessed information included usernames, email addresses, mailing addresses, phone numbers, and encrypted passwords. Actual passwords were not revealed, however it is possible for a malicious person with enough computing power to guess and crack an encrypted password, particularly a weak or obvious one.

 

As a precaution, we have reset your Facebook login credentials to secure your account. No further action is necessary on your part.

 

We're incredibly sorry that this happened. We set a very high bar for how we serve our community, and this incident is frustrating and upsetting. We have since improved our security procedures and systems in numerous ways, and we will continue to do so in the weeks and months to come. We are working closely with law enforcement, and we are doing everything in our power to prevent this from happening again.

 

Kickstarter is a vibrant community like no other, and we can't thank you enough for being a part of it. Please let us know if you have any questions, comments, or concerns. You can reach us at [email protected]

 

Thank you,

 

Yancey Strickler

Kickstarter CEO

----------------------

I didn't get any notice at all. When I logged in though I was forced to change my password.

 

Hacking Kickstarter. Of all the places.

 

These bastards need to be burned with a hot poker repeatedly.

----------------------

I didn't get any notice at all. When I logged in though I was forced to change my password.

 

Hacking Kickstarter. Of all the places.

 

These bastards need to be burned with a hot poker repeatedly.

Sure, but mostly kickstarter too for letting it happen.

"we immediately closed the security breach" is pretty much code for "we're useless and were begging for it."

 

I closed the account. I can always make another one later, I suppose. I'm not exactly a huge backer, and the one product I did back turned out to be godawful.

 

Luckily it's a password that I use very few places where money is involved.

Edited by Reaperman

----------------------

Luckily it's a password that I use very few places where money is involved.

 

It's for reasons like this that I don't reuse passwords at all.

----------------------

I only use the KS password on forums (never a site used for purchasing), which if somebody wants to waste the time logging in as me, go figure.

----------------------

Yep, never tied it to any other logins..

Don't use that password combo anywhere..

They can't do anything with that account other than post on the kickstarter forums.

(i.e. They can't sign me up for new kickstarters as that requires a login to my payment system, which is a separate login/pw., etc)

 

Really a lame hack...

 

I am surprised about the facebook thing tho.

I don't use facebook, but why would it matter?

Is Kickstarter caching facebook login/password combos for integrated logins?

I would think they would just be using facebook's auth system? In which case, it shouldn't matter if they aren't caching, unless maybe a trojan got installed and someone was catching the facebook (and other) auth info as it was entered?

 

I also think it's funny when people post saying things like "it never should have happened; they weren't doing their jobs" without knowing what the actual exploit was....

Yep, everyone is a security expert who can lock down any system so tight that no bad guy could get in.. ;-)

If it turns out it was something obvious, I will agree. But not enough info yet.

 

desiv

----------------------

I also think it's funny when people post saying things like "it never should have happened; they weren't doing their jobs" without knowing what the actual exploit was....

Yep, everyone is a security expert who can lock down any system so tight that no bad guy could get in.. ;-)

 

Funny you should mention that since I'm pretty close to matching that description. Kickstarter will never let it out what the exploit was. The 'closed it immediately' is pretty telling, though.

Edited by Reaperman

----------------------

Funny you should mention that since I'm pretty close to matching that description.

hmmm...

I find the people who go out of their way to tell you how incredible they are tend to be woefully unaware of how complex the "something" actually is...

Kickstarter will never let it out what the exploit was. The 'closed it immediately' is pretty telling, though.

They might or they might not..

We know how the Target hack has happened now. Yeah, all the information didn't come from Target, but we know anyway.

Of course, being a security expert as you are, I'm sure you are already aware of that. ;-)

 

Luckily it's a password that I use very few places where money is involved.

..

 

Wait, you're a ("pretty close" to anyway) security expert, and your Kickstarter account password was tied to accounts where money is involved?????

...

OK

...

 

desiv

----------------------

and ignore

 

Heh pretty soon all your visits to AA will look like this...You have chosen to ignore all posts from: X.

Oh wait you can't read this. Ah well.

 

Seriously folks, update your password and move on. Any real security expert knows it's a constant battle with crummy people being assholes and trying to hack into things. I doubt it'll ever end. (Unless maybe in the future passwords will be some sort of laser retina scan with alternate DNA verification and even then the hackers will just clone eyeballs and DNA strands)

If people can get over the Sony breach they'll get over this in time.

 

Don't give up on Kickstarter! Where would the Mano's Hands of Fate restoration project be without it! Nuff said.
