
Kickstarter - Hacked Last Week

February 17th, 2014, 20:42
Kickstarter was hacked last Wednesday, and they have an official statement on the site. I'll leave this up for a few days so people can change their passwords.

On Wednesday night, law enforcement officials contacted Kickstarter and alerted us that hackers had sought and gained unauthorized access to some of our customers' data. Upon learning this, we immediately closed the security breach and began strengthening security measures throughout the Kickstarter system.

No credit card data of any kind was accessed by hackers. There is no evidence of unauthorized activity of any kind on all but two Kickstarter user accounts.

While no credit card data was accessed, some information about our customers was. Accessed information included usernames, email addresses, mailing addresses, phone numbers, and encrypted passwords. Actual passwords were not revealed, however it is possible for a malicious person with enough computing power to guess and crack an encrypted password, particularly a weak or obvious one.

As a precaution, we strongly recommend that you create a new password for your Kickstarter account, and other accounts where you use this password.

To change your password, log in to your Kickstarter account and look for the banner at the top of the page to create a new, secure password. We recommend you do the same on other sites where you use this password. For additional help with password security, we recommend tools like 1Password and LastPass.

We’re incredibly sorry that this happened. We set a very high bar for how we serve our community, and this incident is frustrating and upsetting. We have since improved our security procedures and systems in numerous ways, and we will continue to do so in the weeks and months to come. We are working closely with law enforcement, and we are doing everything in our power to prevent this from happening again.

Kickstarter is a vibrant community like no other, and we can’t thank you enough for being a part of it. Please let us know if you have any questions, comments, or concerns. You can reach us at accountsecurity@kickstarter.com.

Thank you,

Yancey Strickler
Kickstarter CEO
More information.

"We must stand strong my fellow watchers against the horde of red trolls."- The Couchpotato
Couchpotato
LazyGamer
RPGWatch Team

#1

Join Date: Oct 2010
Location: Potato Land
Posts: 9,550


February 17th, 2014, 20:42
I know this is a few days late but we had a forum topic started in the forums. Thanks to a few members writing I should post it on the front page here it is.

Last edited by Couchpotato; February 17th, 2014 at 22:22.
Couchpotato
LazyGamer
RPGWatch Team

#2

Join Date: Oct 2010
Location: Potato Land
Posts: 9,550


February 17th, 2014, 21:03
Don't forget for those who used kickstarter, to not just change your password there, but change it everywhere else you used that same password.

Better yet, use a different password per-site. Use a tool like KeePass to generate a unique password per site (and use a really strong, 5+ word password to access your KeePass file).

Sites will keep getting hacked - the hackers are getting much more aggressive and skilled and keeping per-site passwords will minimize the damage that is done (to you) when a site you use gets compromised.

Caidh

SasqWatch

#3

Join Date: Oct 2011
Location: New Paltz, NY
Posts: 149


February 17th, 2014, 21:11
Well, I even use a separate email account for almost every site. Thanks to owning a domain I can make infinite email accounts.

It's a fact of life, but it's still a hassle.

JuliusMagnus

Indulgent Wastrel

#4

Join Date: Oct 2006
Posts: 405


February 18th, 2014, 01:37
I read that their security around pwd was extremely poor. I wish they would admit it rather than talk about how seriously they take security…

you

Lazy_dog
RPGWatch Donor

#5

Join Date: Oct 2006
Location: usa
Posts: 414


February 18th, 2014, 05:19
Care to elaborate on the poor security? Did they store in clear text or something (thought they address that point)? It's not like this site has financial information in it but it does have personal contact information as do most websites as well as donation information.

Anyway I use PassSafe to generate passwords for each site separately and changed it anyway.
figment
Sentinel
RPGWatch Donor

#6

Join Date: Apr 2010
Posts: 514


February 18th, 2014, 08:34
Unsalted

you

Lazy_dog
RPGWatch Donor

#7

Join Date: Oct 2006
Location: usa
Posts: 414


February 18th, 2014, 23:08
Unsugared, too?

“ Any intelligent fool can make things bigger, more complex, and more violent. It takes a touch of genius – and a lot of courage – to move in the opposite direction.“ (E.F.Schumacher, Economist, Source)
Alrik Fassbauer
TL;DR

#8

Join Date: Nov 2006
Location: Old Europe
Posts: 15,980


February 18th, 2014, 23:32
He means this salt.

rjshae

Bob
RPGWatch Donor

#9

Join Date: Mar 2012
Posts: 1,413


February 18th, 2014, 23:42
Originally Posted by you
Unsalted
Kickstarter disagree with your rumor mongering.

How were passwords encrypted?

Older passwords were uniquely salted and digested with SHA-1 multiple times. More recent passwords are hashed with bcrypt.
They should have forced people to change their password when they moved to bcrypt though.

azarhal

SasqWatch
RPGWatch Donor

#10

Join Date: Oct 2007
Posts: 2,513
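
The hashing change quoted in the post above (salted, repeated SHA-1 for older passwords, bcrypt for newer ones), sketched as an added example that is not from the thread or from Kickstarter: a legacy record can only be re-hashed when its owner next logs in, so accounts that never return stay on the old scheme. The round count, the record layout, all function names, and the use of standard-library scrypt in place of bcrypt are assumptions.

```python
import hashlib
import hmac
import os

LEGACY_ROUNDS = 1000  # assumed; the quoted text only says "multiple times"

def legacy_hash(password: str, salt: bytes, rounds: int = LEGACY_ROUNDS) -> bytes:
    """Salted, repeated SHA-1 (an assumed construction of the older scheme)."""
    digest = hashlib.sha1(salt + password.encode()).digest()
    for _ in range(rounds - 1):
        digest = hashlib.sha1(salt + digest).digest()
    return digest

def modern_hash(password: str, salt: bytes) -> bytes:
    """Memory-hard KDF; stdlib scrypt stands in for bcrypt here."""
    return hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1, dklen=32)

def make_record(password: str, scheme: str) -> dict:
    salt = os.urandom(16)  # unique per account, so equal passwords hash differently
    fn = legacy_hash if scheme == "sha1-iter" else modern_hash
    return {"scheme": scheme, "salt": salt, "hash": fn(password, salt)}

def login(db: dict, user: str, password: str) -> bool:
    """Verify a password; upgrade a legacy record after a successful login."""
    rec = db.get(user)
    if rec is None:
        return False
    if rec["scheme"] == "sha1-iter":
        ok = hmac.compare_digest(rec["hash"], legacy_hash(password, rec["salt"]))
        if ok:
            # The plaintext is only available at this moment, so re-hash now.
            db[user] = make_record(password, "scrypt")
        return ok
    return hmac.compare_digest(rec["hash"], modern_hash(password, rec["salt"]))

def legacy_accounts(db: dict) -> list:
    """Accounts still on the old scheme: candidates for a forced reset."""
    return sorted(u for u, r in db.items() if r["scheme"] == "sha1-iter")

def demo_db() -> dict:
    """Constructed sample accounts, not real data."""
    return {
        "alice": make_record("correct horse battery staple", "sha1-iter"),
        "bob": make_record("hunter2", "sha1-iter"),
        "carol": make_record("s3parate-per-site", "scrypt"),
    }
```
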