It has become somewhat of a routine to come across at least one high-profile hacking incident every month or so. This time it’s KickStarter which was recently breached by hackers who were then able to steal the data of an unknown number of customers.
In an official blog post from KickStarter today, the company revealed that its security defenses had been breached. What reflects rather poorly on KickStarter is that it didn’t realize that the hack had happened until law enforcement officials contacted the company and stated that hackers had the data of an unknown number of KickStarter customers.
According to the company, as soon as it was alerted of this, it patched up the breach and improved the security systems across the board. What is somewhat relieving to note is that the hackers couldn’t lay their hands on the credit card data of the customers.
What they were able to make away with includes the email addresses, usernames, phone numbers, mailing addresses as well as encrypted passwords of customers. The company hasn’t exactly revealed the number of customers which are affected by this breach, neither that how did the breach occur.
According to the CEO of the company, Yancey Strickler, “We’re incredibly sorry that this happened. We set a very high bar for how we serve our community, and this incident is frustrating and upsetting. We have since improved our security procedures and systems in numerous ways, and we will continue to do so in the weeks and months to come.”
It is worth nothing here that according to KickStarter, “Older passwords were uniquely salted and digested with SHA-1 multiple times. More recent passwords are hashed with bcrypt.” Now that the hackers have encrypted passwords, they may or may not be able to decrypt them depending upon the encryption method used. It would also appear that the accounts of at least users were compromised as a result of the breach, although KickStarter has confirmed that their accounts have been secured.
In the post, Strickler says that all KickStarter users are strongly recommended to reset their passwords for KickStarter accounts. That is certainly a no-brainer for all KickStarter users.