SoylentNews is people

posted by Cactus on Sunday February 16 2014, @03:36AM
from the hackers-want-crowdfunding-too dept.
stderr writes:

According to a recent announcement, the crowdfunding site Kickstarter has been hacked. Kickstarter states that there was no credit card information stolen and that all unauthorized activity has been limited to only two accounts.

While the passwords are all salted and encrypted (either using SHA-1 or bcrypt), a weak password might still be hacked. Users are strongly advised to change their passwords on Kickstarter and any other site where they use the same passwords.

Further information can be found at the Kickstarter blog.

The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 4, Funny) by The Mighty Buzzard on Sunday February 16 2014, @03:39AM

    Anyone hacking type who wasn't trying to hit kickstarter is a damned moron. One good dump from their records would be better than the Target hack ever thought of being.
    --
    My rights don't end where your fear begins.
    • (Score: -1) by Anonymous Coward on Sunday February 16 2014, @06:54AM

      by Anonymous Coward on Sunday February 16 2014, @06:54AM (#215)
      This is a test post, but I agree. Go for where the disposable income is >$^)
  • (Score: 5, Funny) by clone141166 on Sunday February 16 2014, @04:22AM

    by clone141166 (59) on Sunday February 16 2014, @04:22AM (#200)
    They should start a crowd-funded campaign to fix their security flaws...
    • (Score: 5, Funny) by mattie_p on Sunday February 16 2014, @05:40AM

      by mattie_p (13) on Sunday February 16 2014, @05:40AM (#208) Journal
      I heard they tried and didn't meet their kickstarter goal.
  • (Score: 3, Informative) by Khyber on Sunday February 16 2014, @06:31AM

    by Khyber (54) on Sunday February 16 2014, @06:31AM (#213) Journal

    "Kickstarter states that there was no credit card information stolen and that all unauthorized activity has been limited to only two accounts."

    That activity came from my two test accounts. I saw vulnerabilities my old website dealt with two years ago, and tried to harmlessly test them between two of my separate accounts. It worked. KS was notified and advised to stop those two accounts while I tried variations of the PCI-DSS flaw (that they'll ding you for even though it's their security fault.)

    It's not a serious flaw, really. Only deals with non-USD transactions from what I've been able to tell. Not sure if this will affect bitcoin transactions on site or not.

    --
    Destroying Semiconductors With Style Since 2008, and scaring you ill-educated fools since 2013.
    • (Score: 1) by Maow on Sunday February 16 2014, @07:17AM

      by Maow (8) on Sunday February 16 2014, @07:17AM (#217) Homepage

      "Kickstarter states that there was no credit card information stolen and that all unauthorized activity has been limited to only two accounts."

      That activity came from my two test accounts. I saw vulnerabilities my old website dealt with two years ago, and tried to harmlessly test them between two of my separate accounts. It worked. KS was notified and advised to stop those two accounts

      That doesn't jibe with the link's claim:

      law enforcement officials contacted Kickstarter and alerted us that hackers had sought and gained unauthorized access to some of our customers' data.

      This would seem odd if real hackers were attempting a breach though, which does mesh with your version:

      There is no evidence of unauthorized activity of any kind on all but two Kickstarter user accounts.

  • (Score: 0, Offtopic) by Anonymous Coward on Sunday February 16 2014, @07:17AM

    by Anonymous Coward on Sunday February 16 2014, @07:17AM (#218)
    test
    • (Score: 2, Interesting) by soulde on Sunday February 16 2014, @07:31AM

      by soulde (27) on Sunday February 16 2014, @07:31AM (#219)
      testing this captcha if it's working, good work, ncom
      • (Score: -1, Troll) by combatserver on Sunday February 16 2014, @07:59AM

        by combatserver (38) on Sunday February 16 2014, @07:59AM (#225)

        Ok, we need some DOWNWARD mod testing. *Takes one for the team*

        9/11 was NOT an inside job, and I have proof!

        --
        I hope I can change this later...
  • (Score: -1, Troll) by Anonymous Coward on Sunday February 16 2014, @08:28AM

    by Anonymous Coward on Sunday February 16 2014, @08:28AM (#231)
    Obviously, the Jews were behind it because they want to cuntroll ALL the moneys just like they do Hollywood. Also, Jews are responsible for Beta. If the Nazis had won, we wouldn't have Beta. Now who's the bad guy?
    • (Score: -1, Troll) by Anonymous Coward on Sunday February 16 2014, @08:31AM

      by Anonymous Coward on Sunday February 16 2014, @08:31AM (#232)
      ps, Troll test.
      • (Score: 1) by mattie_p on Sunday February 16 2014, @09:12AM

        by mattie_p (13) on Sunday February 16 2014, @09:12AM (#247) Journal
        Rocket scientist of the year, right here!