Kickstarter hacked
February 15, 2014 8:51 PM
Kickstarter suffered a data breach that may have led to the disclosure of personal information.
"While no credit card data was accessed, some information about our customers was. Accessed information included usernames, email addresses, mailing addresses, phone numbers, and encrypted passwords. Actual passwords were not revealed, however it is possible for a malicious person with enough computing power to guess and crack an encrypted password, particularly a weak or obvious one."
This post was deleted for the following reason: This seems more like a PSA than a Metafilter post. -- restless_nomad
I'm not sure how this is any more FPP-worthy than any other data breach announcement.
posted by a box and a stick and a string and a bear at 8:58 PM on February 15, 2014
Just assume every online service is compromised or will be.
posted by stbalbach at 8:59 PM on February 15, 2014
> however it is possible for a malicious person with enough computing power to guess and crack an encrypted password, particularly a weak or obvious one.
Does this imply that the encrypted passwords were not salted? If so, where do these highflying Internet startups dig up the jackasses who don't understand basic security measures?
posted by alms at 9:04 PM on February 15, 2014
Drug site Silk Road wiped out by Bitcoin glitch
The underground website's anonymous administrator told users Thursday evening that attackers had made off with all of the funds it held in escrow. Silk Road serves as a middleman between buyers and sellers, temporarily holding on to funds in its own accounts during a deal. Buyers put their money into Silk Road's accounts, and sellers withdraw it.
At the time of the attack, there were about 4,440 bitcoins in Silk Road's escrow account, according to computer security researcher Nicholas Weaver.
posted by 445supermag at 9:04 PM on February 15, 2014
No, the passwords were reasonably stored.
https://www.kickstarter.com/blog/important-kickstarter-security-notice
> Older passwords were uniquely salted and digested with SHA-1 multiple times. More recent passwords are hashed with bcrypt.
posted by yeahwhatever at 9:07 PM on February 15, 2014
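An added illustration, not part of the thread and not Kickstarter's code, of how a site can hold older salted, iterated SHA-1 records next to a slower scheme and move accounts over at login. The round counts, record layout and function names are assumptions, and PBKDF2-HMAC-SHA256 stands in for bcrypt, which is not in Python's standard library.

```python
import hashlib
import hmac
import os

LEGACY_ROUNDS = 1000      # assumed; the notice does not state the count
MODERN_ROUNDS = 200_000   # assumed work factor for the stand-in KDF


def legacy_hash(password: str, salt: bytes, rounds: int = LEGACY_ROUNDS) -> bytes:
    """Per-user salt with SHA-1 applied repeatedly (assumed construction)."""
    digest = hashlib.sha1(salt + password.encode()).digest()
    for _ in range(rounds - 1):
        digest = hashlib.sha1(salt + digest).digest()
    return digest


def modern_hash(password: str, salt: bytes, rounds: int = MODERN_ROUNDS) -> bytes:
    """Deliberately slow KDF; stands in for bcrypt in this sketch."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)


def make_record(password: str, scheme: str) -> dict:
    """Build a stored record with a fresh random salt for the given scheme."""
    salt = os.urandom(16)
    fn = legacy_hash if scheme == "sha1" else modern_hash
    return {"scheme": scheme, "salt": salt, "hash": fn(password, salt)}


def verify_and_upgrade(record: dict, password: str):
    """Return (ok, record). A legacy record that verifies is re-hashed
    with the slow KDF, since login is the only time the plaintext is seen."""
    fn = legacy_hash if record["scheme"] == "sha1" else modern_hash
    candidate = fn(password, record["salt"])
    ok = hmac.compare_digest(candidate, record["hash"])  # constant-time compare
    if ok and record["scheme"] == "sha1":
        record = make_record(password, "kdf")
    return ok, record
```

The unique salt means identical passwords produce different stored values, so each guess has to be recomputed per account; the round count sets how expensive each of those guesses is.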
> I'm not sure how this is any more FPP-worthy than any other data breach announcement.
While I had already heard this, I'm pretty okay with being told via Metafilter when something like this happens.
posted by kafziel at 9:07 PM on February 15, 2014
Also the prevailing wisdom currently is that SR2 guy just ran off with the money, est. at 2.7 million. There are multiple explanations around the web of how their "we got hacked" story doesn't hold up.
posted by yeahwhatever at 9:11 PM on February 15, 2014
posted by oneswellfoop at 8:57 PM on February 15, 2014