Kickstarter Compromised


Rogean
02-15-2014, 09:51 PM
The Kickstarter website has had their user data stolen, including hashed passwords.

Please make sure that any passwords you have used over at Kickstarter, for any project, do not match your passwords used anywhere else.

Fame
02-15-2014, 09:55 PM
http://images3.wikia.nocookie.net/__cb20100912145918/southpark/images/7/7e/411_money.gif

JayN
02-15-2014, 10:02 PM
sad bad day today

Derubael
02-15-2014, 10:22 PM
On Wednesday night, law enforcement officials contacted Kickstarter and alerted us that hackers had sought and gained unauthorized access to some of our customers' data. Upon learning this, we immediately closed the security breach and began strengthening security measures throughout the Kickstarter system.

No credit card data of any kind was accessed by hackers. There is no evidence of unauthorized activity of any kind on all but two Kickstarter user accounts.

While no credit card data was accessed, some information about our customers was. Accessed information included usernames, email addresses, mailing addresses, phone numbers, and encrypted passwords. Actual passwords were not revealed, however it is possible for a malicious person with enough computing power to guess and crack an encrypted password, particularly a weak or obvious one.

As a precaution, we strongly recommend that you create a new password for your Kickstarter account, and other accounts where you use this password.

To change your password, log in to your Kickstarter account and look for the banner at the top of the page to create a new, secure password. We recommend you do the same on other sites where you use this password. For additional help with password security, we recommend tools like 1Password and LastPass.

We’re incredibly sorry that this happened. We set a very high bar for how we serve our community, and this incident is frustrating and upsetting. We have since improved our security procedures and systems in numerous ways, and we will continue to do so in the weeks and months to come. We are working closely with law enforcement, and we are doing everything in our power to prevent this from happening again.

Kickstarter is a vibrant community like no other, and we can’t thank you enough for being a part of it. Please let us know if you have any questions, comments, or concerns. You can reach us at accountsecurity@kickstarter.com.

Thank you,

Yancey Strickler
Kickstarter CEO

https://www.kickstarter.com/blog/important-kickstarter-security-notice


Should never use a password across multiple websites, but if you do, make sure you change any that were the same or similar to your Kickstarter password.

khanable
02-15-2014, 10:29 PM
sad day for my junk e-mail address

inc nigeria spam gg

Greegon
02-15-2014, 10:36 PM
is that why pantheon drive failing so bad? :D

Mac Dretti
02-15-2014, 10:46 PM
Brad McRad, "trollololololol"

Nuggie
02-15-2014, 11:33 PM
is that why pantheon drive failing so bad? :D

I very much doubt that's the reason, although the pledge balance has dropped a few thousand today.

Cid
02-15-2014, 11:43 PM
"No credit card data of any kind was accessed by hackers."

Didn't Target say virtually the exact same thing a little while back, then get caught up in a media frenzy when it turned out the company had lied to save face and thousands of people's credit information was stolen?

I am not insinuating Kickstarter is lying or anything, just that it would be unwise to simply assume everything is perfectly fine based on a statement intended as damage control. If the site had your financial information, it is better to be safe than sorry and keep an eye on your credit just in case.

Sobee101
02-16-2014, 01:26 AM
That's a shame...

r00t
02-16-2014, 02:55 AM
Obviously Kickstarter's not gonna release what they're using to hash. But even when LinkedIn got hacked, a technology based site you think would at least use a fucking salt, it was just a straight unsalted sha1 hash.

Hopefully they had a good hashing algorithm. I wonder how hard is it to compute even semi-usable rainbow tables for a salted sha256 password hash? The 256+ algorithms have no discovered collisions (last I read).
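
The difference between the schemes discussed in the post above, as an added example that is not part of the original thread: unsalted SHA-1, salted SHA-256, and a salted slow key-derivation function. The sample accounts are constructed, and PBKDF2 with 200,000 iterations is an assumed choice; the thread does not say what Kickstarter used.

```python
import hashlib
import hmac
import os

def unsalted_sha1(password):
    # Unsalted fast hash: the same password gives the same digest for every user.
    return hashlib.sha1(password.encode()).hexdigest()

def salted_sha256(password, salt):
    # A per-user salt makes precomputed (rainbow) tables useless, but every
    # guess still costs only one fast SHA-256 call.
    return salt.hex() + "$" + hashlib.sha256(salt + password.encode()).hexdigest()

def kdf_hash(password, iterations=200_000):
    # Salted and deliberately slow. The iteration count is an assumed value.
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return "pbkdf2_sha256$%d$%s$%s" % (iterations, salt.hex(), dk.hex())

def kdf_verify(password, stored):
    algo, iterations, salt_hex, dk_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk, bytes.fromhex(dk_hex))  # constant-time compare

def shared_password_groups(table):
    # Users whose stored values are identical must share a password.
    groups = {}
    for user, stored in table.items():
        groups.setdefault(stored, []).append(user)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)

# Constructed sample accounts, not data from any breach.
SAMPLE = {"alice": "hunter2", "bob": "hunter2", "carol": "correct horse"}

def compare_schemes():
    unsalted = {u: unsalted_sha1(p) for u, p in SAMPLE.items()}
    salted = {u: salted_sha256(p, os.urandom(16)) for u, p in SAMPLE.items()}
    return shared_password_groups(unsalted), shared_password_groups(salted)

if __name__ == "__main__":
    print(compare_schemes())
    record = kdf_hash("hunter2")
    print(record, kdf_verify("hunter2", record), kdf_verify("hunter3", record))
```

Salting removes the shared digests and the value of precomputation; the slow KDF is what raises the cost of each individual guess against a stolen table.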

LulzSect
02-16-2014, 03:05 AM
Oops

Bamz4l
02-16-2014, 03:31 AM
I wonder how hard is it to compute even semi-usable rainbow tables for a salted sha256 password hash? The 256+ algorithms have no discovered collisions (last I read).

anything's possible now with GPUs

Tasslehofp99
02-16-2014, 03:59 AM
Very weird that only 2 accounts were confirmed to be messed with, sounds personal imo.

sox7d
02-16-2014, 10:41 PM
thanks obama

Pringles
02-17-2014, 12:30 AM
Rogean shouldn't you be working on Verious instead of hacking kickstarter?????

Rust1d?
02-19-2014, 09:50 AM
lol you nerds supporting brad McRad for early velious access on a 14 year old elf sim. Got what was coming to ya.

Kaahbal
02-19-2014, 10:04 AM
anything's possible now with GPUs

This

Smedy
02-19-2014, 10:11 AM
the rainbows will have all ur hashes unsecure

protip: never use a password you care about for websites on the internet

basic internets 101 its 2014 people

baalzy
02-19-2014, 01:13 PM
Change your email passwords if they happened to match.

Give me someone's primary email and you've given me their life savings.

Awwalike
02-19-2014, 06:21 PM
hgahahahahhahahahahahahahahahahahhaahhahhahahahaha !!!!!!!111112

Tobius
02-22-2014, 07:09 AM
Will we still get the rewards for donating if they don't reach their 800k target?

If I do donate what do I need to do different to normal just password and e-mail? What with the hacking....

Cecily
02-22-2014, 10:17 AM
http://i.imgur.com/Fb2Q2DX.png

Congratulations on your success agent. Thank you for working for Indiegogo.