According to Kickstarter's blog post, on Wednesday night, law enforcement
officials contacted Kickstarter and alerted them that hackers had gained
unauthorized access to some of its customers' data. Kickstarter says that
they took all the necessary security measures and immediately closed the
security breach.
No credit card data of any kind was accessed by hackers.
There is no evidence of unauthorized activity of any kind on all but two
Kickstarter user accounts.
While no credit card data was accessed, some information about their
customers was stolen, including usernames, email addresses, mailing
addresses, phone numbers, and encrypted passwords. To prevent further
compromise, Kickstarter recommends that its users change their passwords
as soon as possible and choose strong ones, so that the hackers won't be
able to guess the real passwords, which are stored encrypted.
Right now, if the hackers who accessed the users' data have enough
computing power, they can crack the encrypted passwords.
As a precaution, we strongly recommend that you create a
new password for your Kickstarter account, and other accounts where you
use this password.
Some security measures taken by the Kickstarter Security staff:
- Older passwords were uniquely salted and digested with SHA-1 multiple times. More recent passwords are hashed with bcrypt.
- As a precaution they have reset all Facebook login credentials.
Facebook users can simply reconnect when they come to Kickstarter.
- Kickstarter does not store full credit card numbers. For pledges to
projects outside of the US, we store the last four digits and expiration
dates for credit cards. None of this data was in any way accessed.
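
The item above on older salted SHA-1 digests and newer bcrypt hashes means stored passwords exist in two formats. As an added example (not Kickstarter's code), this Python block shows one common way to handle that at login: verify against the legacy digest, then re-hash the password with a slower scheme. The round counts, the salt layout, the record fields and the use of standard-library PBKDF2 in place of bcrypt are all assumptions.

```python
import hashlib
import hmac
import os

LEGACY_ROUNDS = 1000      # assumption: the page only says "multiple times"
PBKDF2_ROUNDS = 200_000   # assumption: work factor for the replacement scheme


def legacy_sha1(password: str, salt: bytes) -> bytes:
    """Salted SHA-1 applied repeatedly (assumed layout: salt || previous digest)."""
    digest = hashlib.sha1(salt + password.encode()).digest()
    for _ in range(LEGACY_ROUNDS - 1):
        digest = hashlib.sha1(salt + digest).digest()
    return digest


def slow_hash(password: str, salt: bytes) -> bytes:
    """PBKDF2-HMAC-SHA256 from the standard library, standing in for bcrypt."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def new_record(password: str) -> dict:
    """Build a record in the current scheme with a fresh per-user salt."""
    salt = os.urandom(16)
    return {"scheme": "pbkdf2", "salt": salt, "hash": slow_hash(password, salt)}


def verify_and_upgrade(record: dict, password: str) -> bool:
    """Check a login; a correct password on a legacy record is re-hashed in place."""
    if record["scheme"] == "sha1-iter":
        ok = hmac.compare_digest(legacy_sha1(password, record["salt"]), record["hash"])
        if ok:
            record.update(new_record(password))  # legacy digest is overwritten
        return ok
    if record["scheme"] == "pbkdf2":
        return hmac.compare_digest(slow_hash(password, record["salt"]), record["hash"])
    return False  # unknown scheme: fail closed


if __name__ == "__main__":
    salt = os.urandom(16)  # constructed sample account
    user = {"scheme": "sha1-iter", "salt": salt, "hash": legacy_sha1("correct horse", salt)}
    print(verify_and_upgrade(user, "wrong guess"), user["scheme"])    # False sha1-iter
    print(verify_and_upgrade(user, "correct horse"), user["scheme"])  # True pbkdf2
```

Accounts that never log in again keep their legacy digest under this approach, which is why it is usually paired with a forced password reset for stale accounts.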