All the latest UK technology news, reviews and analysis

Kickstarter hit by hackers as usernames and passwords stolen

17 Feb 2014
Kickstarter front page

Hackers have stolen customer information from crowdfunding site Kickstarter, marking the latest wave in the ongoing cybercrime pandemic.

Kickstarter CEO Yancey Strickler confirmed the data breach in a statement, promising affected customers that their bank details were not compromised during the raid.

"On Wednesday night, law enforcement officials contacted Kickstarter and alerted us that hackers had sought and gained unauthorised access to some of our customers' data," read the statement.

"No credit card data of any kind was accessed by hackers. There is no evidence of unauthorised activity of any kind on your account."

Strickler said the hackers did manage to steal some customer details during the raid, but promised that most accounts should remain safe as key items, such as passwords, were encrypted.

"While no credit card data was accessed, some information about our customers was. Accessed information included usernames, email addresses, mailing addresses, phone numbers and encrypted passwords," read the statement.

"Actual passwords were not revealed, however it is possible for a malicious person with enough computing power to guess and crack an encrypted password, particularly a weak or obvious one."

He added that users should change their passwords as a precautionary measure.

Trend Micro vice president of security research Rik Ferguson told V3 that while encryption will offer protection to Kickstarter customers using complex passwords, some users could still be vulnerable.

"It does look like it was a unique salt and multiple passes of the SHA-1 hashing algorithm, which while not the best is certainly still relatively resistant to rainbow table-based attacks, meaning the recipient of the data will be forced to try brute force," he said.

"[This] of course [means] that those passwords which are least complex will be first to fall. Unfortunately we have seen abundant evidence that far too many internet users are still choosing simple passwords."

Check Point's UK managing director Keith Bird added that the breach could be doubly dangerous as hackers could use it as an opportunity to target Kickstarter customers with follow-up phishing attacks.

"Users should be very cautious about clicking on links in any follow-up emails that they receive that appear to come from Kickstarter or related organisations, no matter how plausible the emails appear to be. There's a real risk that the details stolen in the hack may be used in phishing attacks to try and harvest more personal data," he said.

Strickler said Kickstarter is working with law enforcement to catch the hackers and is implementing a wave of new measures to improve its security to protect its customers from further attacks.

"We have since improved our security procedures and systems in numerous ways, and we will continue to do so in the weeks and months to come. We are working closely with law enforcement, and we are doing everything in our power to prevent this from happening again," he said.

Kickstarter is one of many companies to experience data breaches in recent weeks. Hackers compromised 2,239 Tesco customer accounts during a cyber raid earlier in February.

  • Comment  
  • Tweet  
  • Google plus  
  • Facebook  
  • LinkedIn  
  • Stumble Upon  
Alastair Stevenson

Alastair has worked as a reporter covering security and mobile issues at V3 since March 2012. Before entering the field of journalism Alastair had worked in numerous industries as both a freelance copy writer and artist.

View Alastair's Google+ profile

More on Security
What do you think?
blog comments powered by Disqus

Work location poll - office, remote or home?

Where do you spend most time working on your primary work device?

Popular Threads

Powered by Disqus
LG G Flex 2 hands-on review

CES 2015: LG G Flex 2 video

A closer look at LG's latest curved-screen smartphone

Updating your subscription status Loading

Get the latest news (daily or weekly) direct to your inbox with V3 newsletters.

newsletter sign-up button

Beacon technology: what are the opportunities and how does the technology work?

This paper seeks to provide education and technical insight to beacons, in addition to providing insight to Apple's iBeacon specification


Converting big data and analytics insights into results

Successful leaders are infusing analytics throughout their organisations to drive smarter decisions, enable faster actions and optimise outcomes

Head of Digital Product Management

Head of Digital Product Management is required for a...

Front End UI / UX Developer - HTML5 - Big Data Analytics

Front End UI / UX Developer - HTML5 - Big Data Analytics...

Software Trainer - Marketing Data Analysis & Automation Software

Software Trainer - Marketing Data Analysis & Automation...

Technical Support Consultant -SQL- Marketing Analysis/Automation

SaaS / Technical Support Consultant - SQL - Marketing...
To send to more than one email address, simply separate each address with a comma.