Feb 16, 2014 // Andrew Stroup
Kickstarter has reported that on Wednesday night their servers were compromised by hackers (notified by law enforcement officials), gaining access to private customer information. Although Kickstarter reports no credit card information was accessed by the hackers, personal information including email, mailing address, phone numbers and encrypted passwords were taken. The security vulnerability has now been resolved, but the impact to customers is still present.
Kickstarter noted using different salting methodologies, SHA-1 for older users and bcrypt for new users, which has been proven to be a stronger methodology for salting passwords before being transmitted and stored on servers.
Kickstarter notes it’s “incredibly sorry that this happened” and the “incident is frustrating and upsetting.” It has asked for all its users to reset their passwords immediately to prevent any further potential damage.
If you do have a Kickstarter account, we recommend generating a strong password using our password generator and updating any other accounts that may use the same password or variation of the password.
