Passwords, Other Information Taken in Kickstarter Data Breach but Credit Cards Safe
posted Sunday Feb 16, 2014 by Nicholas DiMeo
When things are popular, they get hacked. Last Wednesday was no exception for the crowd-funding site Kickstarter, as the company officially announced on Saturday that it fell victim to a security breach where passwords and other user data were stolen from the site.
Thankfully no credit card information was taken, though email addresses, usernames, mailing addresses, phone numbers and encrypted passwords were snatched up during the breach.
In the blog post, Kickstarter said,
While no credit card data was accessed, some information about our customers was... Actual passwords were not revealed, however it is possible for a malicious person with enough computing power to guess and crack an encrypted password, particularly a weak or obvious one.
Obviously everyone should change their passwords here, and also change any other place where you use the same password or a slight variant. Kickstarter has offered solutions for those needing to securely store passwords and has encouraged users to select different passwords for each site they use. Those using Facebook to connect to Kickstarter need not worry, as the site reset all Facebook login credentials.
Additionally, Kickstarter recognized two users' accounts who were compromised and have reached out to them to secure their accounts.
Kickstarter ended its blog post by apologizing for what happened.
We set a very high bar for how we serve our community, and this incident is frustrating and upsetting. We have since improved our security procedures and systems in numerous ways, and we will continue to do so in the weeks and months to come. We are working closely with law enforcement, and we are doing everything in our power to prevent this from happening again.
Again, with data breaches and hacks becoming a more common occurrence, people everywhere should take these situations as lessons in online protection and make sure they do everything in their power to protect their accounts. Systems like two-step authorization or device recognition can go a long way to ensure your data is safe and changing up your passwords frequently is highly recommended.