Post by walt on Feb 16, 2014 10:29:21 GMT
I guess that all the ladies that supported the "Hotel Noir" project received that warning email by the Kickstarter homepage? That the Kickstarter homepage was hacked?
As advised I tried to change my password, but I could not log in on the Kickstarter homepage. To me it looks like the hacker changed my password already. I tried to contact Kickstarter via their homepage and informed them about my problem. I wonder whether all Rooftop ladies had the same experience? And I'd be grateful for any advice on how to proceed in that matter.
Post by GreenEyesToo on Feb 16, 2014 16:05:11 GMT
Thank you, Walt. I read of people having problems trying to change their password, but I just tried and there's now no problem. (In fact, I decided to delete my account entirely***) I wonder if maybe last night their site was still on lockdown and that's why access was difficult?
For anyone who hasn't got the e-mail yet, here is the text of the message (NB: bold and underlined sections are as per the message, passages in red are mine):
On Wednesday night, law enforcement officials contacted Kickstarter and alerted us that hackers had sought and gained unauthorized access to some of our customers' data. Upon learning this, we immediately closed the security breach and began strengthening security measures throughout the Kickstarter system.
No credit card data of any kind was accessed by hackers. There is no evidence of unauthorized activity of any kind on your account.
While no credit card data was accessed, some information about our customers was. Accessed information included usernames, email addresses, mailing addresses, phone numbers, and encrypted passwords. Actual passwords were not revealed, however it is possible for a malicious person with enough computing power to guess and crack an encrypted password, particularly a weak or obvious one.
As a precaution, we strongly recommend that you change the password of your Kickstarter account, and other accounts where you use this password.
To change your password, log in to your account at Kickstarter.com and look for the banner at the top of the page to create a new, secure password. We recommend you do the same on other sites where you use this password. For additional help with password security, we recommend tools like 1Password and LastPass.
We’re incredibly sorry that this happened. We set a very high bar for how we serve our community, and this incident is frustrating and upsetting. We have since improved our security procedures and systems in numerous ways, and we will continue to do so in the weeks and months to come. We are working closely with law enforcement, and we are doing everything in our power to prevent this from happening again.
Kickstarter is a vibrant community like no other, and we can’t thank you enough for being a part of it. Please let us know if you have any questions, comments, or concerns. You can reach us at accountsecurity@kickstarter.com.
Thank you,
Yancey Strickler
Kickstarter CEO
Note that they suggest changing your password on other sites where you used the same as for Kickstarter.
***The main reason I've deleted my account is not because of the breach itself (that seems to be a fact of cyber-life these days, unfortunately), but their cavalier attitude - hence my highlighting two sections in red.
~ why leave us vulnerable for three days? They knew Wednesday; we weren't informed until at least Saturday.
~ the comment about weak or obvious passwords is good advice, BUT in this context it smacks of trying to absolve themselves of any responsibility and shift the blame for any consequences of the breach onto their users. If their systems were strong enough, the strength of the password shouldn't be an issue.
I do hope nobody here is adversely affected. DO PLEASE CHANGE YOUR KICKSTARTER PASSWORDS!
Post by rueful on Feb 17, 2014 1:33:21 GMT
Thanks for the information, Walt and GE2! It's been so long since I used it that I had actually forgotten my password, but even with the breach, I just clicked "forgot password" and they sent me a link to my email account to create a new password. I suppose it's unlikely someone would have hacked both my Kickstarter account and my email account so quickly, but it sure was easy to get a new password without proving I was who I said I was. So I agree, everyone should change their passwords asap! PS I like your new Rant button, GE2. I think mine would be set permanently to "on"!
Post by kissmekate on Feb 17, 2014 9:23:07 GMT
Thanks for the heads-up. I had not noticed the warning because I used my "junk" e-mail address to register at Kickstarter.
Post by walt on Feb 17, 2014 11:15:04 GMT
Thanks a lot for the additional info, GE2!
Meanwhile I received an answer by Kickstarter and could reset the password (which was certainly not a weak one). However, Kickstarter just sent an email including a link that is valid for one day to set a new password. Usually if you don't remember your password you get a code and you need to register under this code and then you can change your password. Therefore I'm doubtful how safe this method is as also email addresses were hacked. So I think I'll follow suit and delete my account as well.
Edited to say that I could not log in at Kickstarter with my newly confirmed password. But they had sent me a 2nd ticket to change my password which I did and I instantly deleted my account!
Post by kygal on Feb 17, 2014 12:19:34 GMT
Thanks for this info!