posted by Cactus on Saturday February 15 2014, @11:36PM
from the hackers-want-crowdfunding-too dept.
stderr writes:

According to a recent announcement, the crowdfunding site Kickstarter has been hacked. Kickstarter states that there was no credit card information stolen and that all unauthorized activity has been limited to only two accounts.

While the passwords are all salted and encrypted (either using SHA-1 or bcrypt), a weak password might still be hacked. Users are strongly advised to change their passwords on Kickstarter and any other site where they use the same passwords.

Further information can be found at the Kickstarter blog.

  • (Score: 4, Funny) by The Mighty Buzzard on Saturday February 15 2014, @11:39PM

    by The Mighty Buzzard (18) Subscriber Badge <themightybuzzard@soylentnews.org> on Saturday February 15 2014, @11:39PM (#194) Journal
    Anyone hacking type who wasn't trying to hit kickstarter is a damned moron. One good dump from their records would be better than the Target hack ever thought of being.
    --
    123
    456
    789
    • (Score: -1) by Anonymous Coward on Sunday February 16 2014, @02:54AM

      by Anonymous Coward on Sunday February 16 2014, @02:54AM (#215)
      This is a test post, but I agree. Go for where the disposable income is >$^)
  • (Score: 5, Funny) by clone141166 on Sunday February 16 2014, @12:22AM

    by clone141166 (59) on Sunday February 16 2014, @12:22AM (#200)
    They should start a crowd-funded campaign to fix their security flaws...
    • (Score: 5, Funny) by mattie_p on Sunday February 16 2014, @01:40AM

      by mattie_p (13) on Sunday February 16 2014, @01:40AM (#208) Journal
      I heard they tried and didn't meet their kickstarter goal.
  • (Score: 3, Informative) by Khyber on Sunday February 16 2014, @02:31AM

    by Khyber (54) on Sunday February 16 2014, @02:31AM (#213) Journal

    " Kickstarter states that there was no credit card information stolen and that all unauthorized activity has been limited to only two accounts."

    That activity came from my two test accounts. I saw vulnerabilities my old website dealt with two years ago, and tried to harmlessly test them between two of my separate accounts. It worked. KS was notified and advised to stop those two accounts while I tried variations of the PCI-DSS flaw (that they'll ding you for even though it's their security fault.)

    It's not a serious flaw, really. Only deals with non-USD transactions from what I've been able to tell. Not sure if this will affect bitcoin transactions on site or not.

    --
    Destroying Semiconductors With Style Since 2008
    • (Score: 1) by Maow on Sunday February 16 2014, @03:17AM

      by Maow (8) on Sunday February 16 2014, @03:17AM (#217) Homepage

      " Kickstarter states that there was no credit card information stolen and that all unauthorized activity has been limited to only two accounts."

      That activity came from my two test accounts. I saw vulnerabilities my old website dealt with two years ago, and tried to harmlessly test them between two of my separate accounts. It worked. KS was notified and advised to stop those two accounts

      That doesn't jibe with the link's claim:

      law enforcement officials contacted Kickstarter and alerted us that hackers had sought and gained unauthorized access to some of our customers' data.

      This would seem odd if real hackers were attempting a breach though, which does mesh with your version:

      There is no evidence of unauthorized activity of any kind on all but two Kickstarter user accounts.

  • (Score: 0, Offtopic) by Anonymous Coward on Sunday February 16 2014, @03:17AM

    by Anonymous Coward on Sunday February 16 2014, @03:17AM (#218)
    test
    • (Score: 2, Interesting) by soulde on Sunday February 16 2014, @03:31AM

      by soulde (27) on Sunday February 16 2014, @03:31AM (#219)
      testing this captcha if it's working, good work, ncom
      • (Score: -1, Troll) by combatserver on Sunday February 16 2014, @03:59AM

        by combatserver (38) on Sunday February 16 2014, @03:59AM (#225)

        Ok, we need some DOWNWARD mod testing. *Takes one for the team*

        9/11 was NOT an inside job, and I have proof!

        --
        I hope I can change this later...
  • (Score: -1, Troll) by Anonymous Coward on Sunday February 16 2014, @04:28AM

    by Anonymous Coward on Sunday February 16 2014, @04:28AM (#231)
    Obviously, the Jews were behind it because they want to cuntroll ALL the moneys just like they do Hollywood. Also, Jews are responsible for Beta. If the Nazis had won, we wouldn't have Beta. Now who's the bad guy?
    • (Score: -1, Troll) by Anonymous Coward on Sunday February 16 2014, @04:31AM

      by Anonymous Coward on Sunday February 16 2014, @04:31AM (#232)
      ps, Troll test.
      • (Score: 1) by mattie_p on Sunday February 16 2014, @05:12AM

        by mattie_p (13) on Sunday February 16 2014, @05:12AM (#247) Journal
        Rocket scientist of the year, right here!