Forgot password
Enter the email address you used when you joined and we'll send you instructions to reset your password.
If you used Apple or Google to create your account, this process will create a password for your existing account.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Reset password instructions sent. If you have an account with us, you will receive an email within a few minutes.
Something went wrong. Try again or contact support if the problem persists.
Escapist logo header image
Category:
News

Kickstarter Hacked, Customer Information Compromised

Image of Steven Bogos Legacy Author
Steven Bogos Legacy Author
|

Published: Feb 16, 2014 02:48 am

This article is over 10 years old and may contain outdated information
cybercrime

Kickstarter, the major crowdfunding service for video games and more, has been hacked.

Well, we’ve got another big name corporation to add to the “has been hacked” list, and this time it’s crowdfunding giant Kickstarter. Kickstarter has announced on its blog that hackers had found their way into certain parts of its database last Wednesday. The good news is that no credit-card or payment info was accessed, but the bad news is that some customer’s usernames, email addresses, mailing addresses, phone numbers, and encrypted passwords were.

“We’re incredibly sorry that this happened. We set a very high bar for how we serve our community, and this incident is frustrating and upsetting. We have since improved our security procedures and systems in numerous ways, and we will continue to do so in the weeks and months to come. We are working closely with law enforcement, and we are doing everything in our power to prevent this from happening again.”

Kickstarter stresses that only encrypted passwords, and not actual passwords, were accessed, but added that “it is possible for a malicious person with enough computing power to guess and crack an encrypted password, particularly a weak or obvious one.” It suggested as a precaution that everyone change their password, just to be safe.

Furthermore, Kickstarter was happy to answer some of the most frequent questions it was getting from its customers on its blog, specifically:

  • Passwords were protected in one of two ways. Old passwords were salted and hashed with the SHA-1 protocol and newer passwords were hashed with bcrypt
  • It took 4 days to alert customers because they had to wait until they’d “thoroughly investigated the situation.”
  • Two accounts showed (unspecified) unauthorized activity; both of those accounts have been re-secured.
  • If you use Facebook to login to Kickstarter, the company says your FB account hasn’t been compromised. They’ve reset all Facebook tokens, which severs any ties Kickstarter has to your Facebook account until you manually give it permission again.

Source: Kickstarter Blog via Tech Crunch

Recommended Videos
The Escapist is supported by our audience. When you purchase through links on our site, we may earn a small affiliate commission.Ā Learn more about our Affiliate Policy
related content
Author
Image of Steven Bogos Legacy Author
Steven Bogos Legacy Author