Kickstarter Resets Passwords After Data Breach at Crowd-Funding Site | eWeek

Kickstarter Resets Passwords After Data Breach at Crowd-Funding Site

Kickstarter Resets Passwords After Data Breach at Crowd-Funding Site
Écrit par
Robert Lemos
Robert Lemos
Feb 19, 2014
2 minute read
eWeek Le contenu et les recommandations de produits sont indépendants de la rédaction. Nous pouvons gagner de l'argent lorsque vous cliquez sur des liens vers nos partenaires. En savoir plus

Micro-investing site Kickstarter acknowledged on Feb. 15 that attackers had compromised the company’s systems and accessed users’ personal data, including names, addresses, phone numbers and encrypted passwords.

An unnamed law enforcement agency contacted the company on Feb. 12, revealing to the firm that its systems had been breached. In a statement sent to users, Yancey Strickler, CEO of Kickstarter, apologized for the security lapse, but stressed that no credit-card information had been accessed by the attackers and the passwords had been encrypted.

“Actual passwords were not revealed,” Strickler said. “However, it is possible for a malicious person with enough computing power to guess and crack an encrypted password, particularly a weak or obvious one.”

Suffering a breach has almost become a rite of passage for online services. In the past two years, online firms that suffered major compromises include file-sharing site Dropbox, cloud-storage site Evernote, business-networking site LinkedIn, group-discount site Living Social, global news and analysis site Stratfor, and question-and-answer forum Yahoo Voices, to name just a few.

While LinkedIn faced a $5 million class-action lawsuit, since dismissed, for failing to properly hash user passwords, Kickstarter has apparently done most everything right, Patrick Thomas, security consultant at Neohapsis, stated in a blog post. The company notified its users within a few days of learning about the breach, used fairly strong password security and only stored limited data on their users, he said.

“Kickstarter appears to have done a pretty good job in handling user passwords, though not perfect,” Thomas said. “Password reuse across different websites continues to be one of the most significant threats to users and a breach like this can often lead to ripple effects against users if attackers are able to obtain account passwords.”

In an update to its original post, the company stated that older user passwords were hashed and uniquely salted with SHA-1, an algorithm known to have weaknesses, newer passwords were secured with the stronger bcrypt hashing function. In addition, the company did not store full credit-card numbers, so financial information was not at risk. Kickstarter recommended that all users change their password. CEO Strickler apologized to users for the breach.

“We set a very high bar for how we serve our community, and this incident is frustrating and upsetting,” he said. “We have since improved our security procedures and systems in numerous ways, and we will continue to do so in the weeks and months to come. We are working closely with law enforcement, and we are doing everything in our power to prevent this from happening again.

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Propriété de TechnologyAdvice. © 2026 TechnologyAdvice. Tous droits réservés

Divulgation publicitaire : Certains des produits qui apparaissent sur ce site proviennent d'entreprises dont TechnologyAdvice reçoit une compensation. Cette compensation peut influencer la façon dont les produits apparaissent sur ce site, notamment l'ordre dans lequel ils apparaissent. TechnologyAdvice n'inclut pas toutes les entreprises ou tous les types de produits disponibles sur le marché.