
The crowd-funding site Kickstarter has been Hacked


The crowd-funding site Kickstarter has been hacked! The company has advised its users to change their passwords.

The popular crowd-funding website Kickstarter is the latest victim of a data breach, and all users are being asked to change their passwords to avoid further problems. The news was confirmed by the CEO of Kickstarter, Yancey Strickler, who revealed that the company was hacked by an unknown hacker last week.

Kickstarter is a platform for raising funds for a private project: users pledge a variable amount of money in return for certain levels of rewards from the project owner. During the account creation phase, supporters provide their credit card information, which is used to charge their cards once a project they have supported reaches its funding goal.


Kickstarter published an official announcement confirming the data breach and stressing that no credit card information was stolen. The hackers stole users’ personal information, but the company hasn’t found evidence of unauthorized activity on accounts.

“On Wednesday night, law enforcement officials contacted Kickstarter and alerted us that hackers had sought and gained unauthorized access to some of our customers’ data. Upon learning this, we immediately closed the security breach and began strengthening security measures throughout the Kickstarter system.

No credit card data of any kind was accessed by hackers. There is no evidence of unauthorized activity of any kind on all but two Kickstarter user accounts.

While no credit card data was accessed, some information about our customers was. Accessed information included usernames, email addresses, mailing addresses, phone numbers, and encrypted passwords. Actual passwords were not revealed, however it is possible for a malicious person with enough computing power to guess and crack an encrypted password, particularly a weak or obvious one.”

Kickstarter has more than 5.9 million registered users. Although the company hasn’t provided information on how many accounts were compromised, it is clear that the situation could be very serious.

Data stolen by hackers included usernames, phone numbers, email addresses, mailing addresses and encrypted passwords of the users. 

A Kickstarter team member confirmed that older users’ passwords were hashed using the salted SHA-1 algorithm, while newer users’ passwords are hashed with a stronger hashing algorithm called ‘bcrypt’.
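A store that holds both legacy salted SHA-1 records and records from a slower algorithm can only upgrade the old ones when a user logs in. The sketch below is an added example, not Kickstarter's code: the `scheme$salt$hash` record format and the function names are assumptions, and PBKDF2-HMAC-SHA256 from the Python standard library stands in for bcrypt as the slow scheme.

```python
from __future__ import annotations

import hashlib
import hmac
import os

# Assumed record format (constructed for this example): "scheme$salt_hex$hash_hex"
PBKDF2_ITERATIONS = 600_000  # work factor; plays the role of bcrypt's cost


def hash_legacy(password: str, salt: bytes) -> str:
    """Legacy scheme: one salted SHA-1 round, cheap to brute-force offline."""
    digest = hashlib.sha1(salt + password.encode()).hexdigest()
    return f"sha1${salt.hex()}${digest}"


def hash_current(password: str, salt: bytes | None = None) -> str:
    """Current scheme: PBKDF2-HMAC-SHA256, deliberately slow per guess."""
    salt = salt or os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return f"pbkdf2${salt.hex()}${dk.hex()}"


def verify_and_upgrade(password: str, record: str) -> tuple[bool, str]:
    """Check a login attempt and return (ok, record_to_store).

    A successful login against a legacy record is the only moment the
    plaintext is available, so that is when the record is re-hashed.
    """
    try:
        scheme, salt_hex, _ = record.split("$")
        salt = bytes.fromhex(salt_hex)
    except ValueError:
        return False, record  # malformed record: fail closed
    if scheme == "sha1":
        expected = hash_legacy(password, salt)
    elif scheme == "pbkdf2":
        expected = hash_current(password, salt)
    else:
        return False, record  # unknown scheme: fail closed
    ok = hmac.compare_digest(expected.encode(), record.encode())
    if ok and scheme == "sha1":
        return True, hash_current(password)  # upgrade with a fresh random salt
    return ok, record
```

Accounts that never log in again keep their legacy record, which is why a forced password reset is the usual companion to this kind of migration after a breach.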

As usual, victims are advised to change their passwords on Kickstarter and on any other web service that shares the same credentials, to avoid a domino effect: hackers could attempt to crack the encrypted passwords.

Although Kickstarter was notified on Wednesday night, users were informed on Saturday because the company preferred to close the breach immediately and notify everyone as soon as it had thoroughly investigated the situation.

For users who log in to Kickstarter with Facebook there are no problems: as a precaution the company has reset all Facebook login credentials, so these users only need to reconnect when they next come to Kickstarter.

Stay tuned!

Pierluigi Paganini

(Security Affairs –  Kickstarter, data breach)