According to a recent announcement, the crowdfunding site Kickstarter has been hacked. Kickstarter states that there was no credit card information stolen and that all unauthorized activity has been limited to only two accounts.
While the passwords are all salted and encrypted (either using SHA-1 or bcrypt), a weak password might still be hacked. Users are strongly advised to change their passwords on Kickstarter and any other site where they use the same passwords.
Further information can be found at the Kickstarter blog.
(Score: 3, Informative) by Khyber on Sunday February 16 2014, @06:31AM
" Kickstarter states that there was no credit card information stolen and that all unauthorized activity has been limited to only two accounts."
That activity came from my two test accounts. I saw vulnerabilities my old website dealt with two years ago, and tried to harmlessly test them between two of my separate accounts. It worked. KS was notified and advised to stop those two accounts while I tried variations of the PCI-DSS flaw (that they'll ding you for even though it's their security fault.)
It's not a serious flaw, really. Only deals with non-USD transactions from what I've been able to tell. Not sure if this will affect bitcoin transactions on site or not.
Destroying Semiconductors With Style Since 2008, and scaring you ill-educated fools since 2013.
(Score: 1) by Maow on Sunday February 16 2014, @07:17AM
That doesn't jive with the link's claim:
This would seem odd if real hackers were attempting a breach though, which does mesh with your version: