Kickstarter hacked, account usernames and passwords potentially compromised
posted Monday, February 17, 2014 at 12:32 PM EDT
Here at Imaging Resource, we've profiled a great number of Kickstarters over the last few years, as the crowd funding platform has allowed for an explosion in weird and wonderful photo accessories. However, on Saturday, Kickstarter announced a major security breach, with an unspecified number of accounts having their information stolen.
The good news is that no credit card information was taken in the hack. So, unlike the recent Target breach, the people who broke don't have access to your payment information. However, a great deal of other data were accessed, including usernames and passwords. Kickstarter has stated:
Accessed information included usernames, email addresses, mailing addresses, phone numbers, and encrypted passwords. Actual passwords were not revealed, however it is possible for a malicious person with enough computing power to guess and crack an encrypted password, particularly a weak or obvious one.
Kickstarter recommends changing your password on the site itself, as well as on any other site that uses the same password. Thankfully, the passwords were at least encrypted, which should make it a bit harder for the information to come out. According to Kickstarter, "older passwords were uniquely salted and digested with SHA-1 multiple times. More recent passwords are hashed with bcrypt." That's not to say that information can't be dug up, but it's better than them being in clear text.
If you've backed something on Kickstarter before, you've probably been informed of the hack via an email from the website. If you haven't already done so, go and change your passwords, and we'd suggest looking into a system for generating unique passwords for each site you join, such as LastPass or 1Password, so that if the information is taken from one location, it won't work on another.