All the latest UK technology news, reviews and analysis


Kickstarter hit by hackers as usernames and passwords stolen

17 Feb 2014
Kickstarter front page

Hackers have stolen customer information from crowdfunding site Kickstarter, marking the latest wave in the ongoing cybercrime pandemic.

Kickstarter CEO Yancey Strickler confirmed the data breach in a statement, promising affected customers that their bank details were not compromised during the raid.

"On Wednesday night, law enforcement officials contacted Kickstarter and alerted us that hackers had sought and gained unauthorised access to some of our customers' data," read the statement.

"No credit card data of any kind was accessed by hackers. There is no evidence of unauthorised activity of any kind on your account."

Strickler said the hackers did manage to steal some customer details during the raid, but promised that most accounts should remain safe as key items, such as passwords, were encrypted.

"While no credit card data was accessed, some information about our customers was. Accessed information included usernames, email addresses, mailing addresses, phone numbers and encrypted passwords," read the statement.

"Actual passwords were not revealed, however it is possible for a malicious person with enough computing power to guess and crack an encrypted password, particularly a weak or obvious one."

He added that users should change their passwords as a precautionary measure.

Trend Micro vice president of security research Rik Ferguson told V3 that while encryption will offer protection to Kickstarter customers using complex passwords, some users could still be vulnerable.

"It does look like it was a unique salt and multiple passes of the SHA-1 hashing algorithm, which while not the best is certainly still relatively resistant to rainbow table-based attacks, meaning the recipient of the data will be forced to try brute force," he said.

"[This] of course [means] that those passwords which are least complex will be first to fall. Unfortunately we have seen abundant evidence that far too many internet users are still choosing simple passwords."

Check Point's UK managing director Keith Bird added that the breach could be doubly dangerous as hackers could use it as an opportunity to target Kickstarter customers with follow-up phishing attacks.

"Users should be very cautious about clicking on links in any follow-up emails that they receive that appear to come from Kickstarter or related organisations, no matter how plausible the emails appear to be. There's a real risk that the details stolen in the hack may be used in phishing attacks to try and harvest more personal data," he said.

Strickler said Kickstarter is working with law enforcement to catch the hackers and is implementing a wave of new measures to improve its security to protect its customers from further attacks.

"We have since improved our security procedures and systems in numerous ways, and we will continue to do so in the weeks and months to come. We are working closely with law enforcement, and we are doing everything in our power to prevent this from happening again," he said.

Kickstarter is one of many companies to experience data breaches in recent weeks. Hackers compromised 2,239 Tesco customer accounts during a cyber raid earlier in February.

  • Comment  
  • Tweet  
  • Google plus  
  • Facebook  
  • LinkedIn  
  • Stumble Upon  
Alastair Stevenson
About

Alastair has worked as a reporter covering security and mobile issues at V3 since March 2012. Before entering the field of journalism Alastair had worked in numerous industries as both a freelance copy writer and artist.

View Alastair's Google+ profile

More on Security
What do you think?
blog comments powered by Disqus
Poll

Tech gifts for Christmas 2014

Is a new tablet on your wish list this festive season, or have they become yesterday’s fad?
12%
23%
14%
7%
44%

Popular Threads

Powered by Disqus
iPhone 6 is available in silver gold and space grey

iPhone 6 video review

The best iOS handset to date

Updating your subscription status Loading
Newsletters

Get the latest news (daily or weekly) direct to your inbox with V3 newsletters.

newsletter sign-up button
hpv3may

Getting started with virtualisation

Virtualisation can help you reduce costs, improve application availability, and simplify IT
management. However, getting started can be challenging

ibmv3may

Converting big data and analytics insights into results

Successful leaders are infusing analytics throughout their organisations to drive smarter decisions, enable faster actions and optimise outcomes

Business Change Manager (Insurance)

Business Change Manager (Insurance) My client...

.Net Developers - London - 3 Months - Immediate Start

.Net Developers -London - 3 Months - £450 per day - Immediate...

Middleware Specialist (Weblogic/Java/Linux)

A leading Financial Service are looking to hire an experienced...

Technical & Integration Systems Analyst

Roc Search is currently recruiting for a Technical &...
To send to more than one email address, simply separate each address with a comma.