EEVblog Electronics Community Forum
Products => Crowd Funded Projects => Topic started by: dexters_lab on February 15, 2014, 10:00:57 pm
-
Just had this from KS, time to change your password!
On Wednesday night, law enforcement officials contacted Kickstarter and alerted us that hackers had sought and gained unauthorized access to some of our customers' data. Upon learning this, we immediately closed the security breach and began strengthening security measures throughout the Kickstarter system.
No credit card data of any kind was accessed by hackers. There is no evidence of unauthorized activity of any kind on your account.
While no credit card data was accessed, some information about our customers was. Accessed information included usernames, email addresses, mailing addresses, phone numbers, and encrypted passwords. Actual passwords were not revealed, however it is possible for a malicious person with enough computing power to guess and crack an encrypted password, particularly a weak or obvious one.
As a precaution, we strongly recommend that you change the password of your Kickstarter account, and other accounts where you use this password.
To change your password, log in to your account at Kickstarter.com and look for the banner at the top of the page to create a new, secure password. We recommend you do the same on other sites where you use this password. For additional help with password security, we recommend tools like 1Password and LastPass.
We’re incredibly sorry that this happened. We set a very high bar for how we serve our community, and this incident is frustrating and upsetting. We have since improved our security procedures and systems in numerous ways, and we will continue to do so in the weeks and months to come. We are working closely with law enforcement, and we are doing everything in our power to prevent this from happening again.
Kickstarter is a vibrant community like no other, and we can’t thank you enough for being a part of it. Please let us know if you have any questions, comments, or concerns. You can reach us at accountsecurity@kickstarter.com.
Thank you,
Yancey Strickler
Kickstarter CEO
-
ps oops, nm.
-
This may be the reason for Dave's comment about not being able to change the receiving bank account.
-
Saddest part is not many companies have the guts to admit something like this. Some companies just stay silent and hope no one notices.
-
Changed my password to another generated one now.
E68sjn02Kp2aQ is no longer in use.
-
E68sjn02Kp2aQ is no longer in use.
Seems quite safe. I'll use it. Thanks.
-
ROFL, who knows?
I often use a password from http://www.grc.com/password as a starter for generating one.
-
E68sjn02Kp2aQ is no longer in use.
Seems quite safe. I'll use it. Thanks.
damn.. owiecc grabbed it before I could.. Sean, have you got another, send it to me :) thanks!
-
7qVSMUUeH77md
-
lol, i just jab randomly at the keyboard!
-
lol, i just jab randomly at the keyboard!
Hard to do that in the password entry where you have to enter it twice..... A row of *************** will not do!
-
lol, i just jab randomly at the keyboard!
Hard to do that in the password entry where you have to enter it twice..... A row of *************** will not do!
Of course you do it in Notepad first and then copy-paste twice :P
-
Fricken Notepad... I've done that trick, Windows crashed after I pasted it and before I could save it :)
-
7qVSMUUeH77md
Too simple :-)
7q!VsM%UU;eH&63mdö
-
(http://imgs.xkcd.com/comics/password_strength.png)
classic but still valid.
-
lol, i just jab randomly at the keyboard!
Hard to do that in the password entry where you have to enter it twice..... A row of *************** will not do!
Of course you do it in Notepad first and then copy-paste twice :P
exactly, i use Steganos LockNote to store everything, it's like Notepad but with encryption
-
(http://imgs.xkcd.com/comics/password_strength.png)
classic but still valid.
No, see http://www.wired.co.uk/news/archive/2013-05/28/password-cracking Passwords like "momof3g8kids" were cracked. Modern password cracking programs do dictionary attacks with multiple words and arbitrary characters between words. So four common words (maybe a dictionary with 1000 common words) would need 1000^4 = 10^12 tries. Depending on the algorithm, modern graphics cards or special hardware can test 10^9 passwords per second, which means it would be cracked in 17 minutes. A three word password in one second, which allows even testing for the popular number or character between the words.
The only secure password is at least 10 random letters and numbers. Anything random below 8 could be cracked fast, if the system uses standard hashing functions and if the hacker has the password hash.
-
Here's another password option. You don't need to remember the password itself, just the starting point in the sequence.
http://www.passwordcard.org/en
-
;) http://correcthorsebatterystaple.net/
-
;) http://correcthorsebatterystaple.net/
Only 2284 words: http://correcthorsebatterystaple.net/data/wordlist.txt
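
The search-space arithmetic from the dictionary-attack post and the 2284-word list above, worked through as an added example (not part of any forum post). It assumes the 10^9 guesses per second quoted in the thread and a 62-symbol alphabet for "letters and numbers"; the `hash_cost` parameter and the demo word list are constructed for illustration.

```python
import secrets
import string

RATE = 10**9  # guesses per second: the fast-hash GPU figure quoted in the thread
ALNUM = string.ascii_letters + string.digits  # assumption: 62 symbols

def keyspace(symbols: int, length: int) -> int:
    """Candidates to cover when each position is chosen uniformly at random."""
    return symbols ** length

def seconds_to_exhaust(space: int, rate: int = RATE, hash_cost: int = 1) -> float:
    """Worst-case time to try every candidate. hash_cost > 1 models a
    deliberately slow password hash costing that many fast-hash evaluations."""
    return space * hash_cost / rate

def words_needed(list_size: int, target_space: int) -> int:
    """Smallest word count whose keyspace is at least target_space."""
    n = 1
    while keyspace(list_size, n) < target_space:
        n += 1
    return n

def random_password(length: int, alphabet: str = ALNUM) -> str:
    """Uniformly random password drawn from the OS CSPRNG."""
    return "".join(secrets.choice(alphabet) for _ in range(length))

def random_passphrase(words: list[str], count: int) -> str:
    """Independently chosen words; the keyspace is len(words) ** count only
    if a generator picks them, not the user."""
    return " ".join(secrets.choice(words) for _ in range(count))

def human(seconds: float) -> str:
    for unit, size in (("years", 31_557_600), ("days", 86_400), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:.1f} {unit}"
    return f"{seconds:.1f} seconds"

if __name__ == "__main__":
    target = keyspace(len(ALNUM), 10)  # "10 random letters and numbers"
    n = words_needed(2284, target)
    for label, space in [("4 words from 1000", keyspace(1000, 4)),
                         ("4 words from 2284", keyspace(2284, 4)),
                         ("8 random alphanumerics", keyspace(62, 8)),
                         ("10 random alphanumerics", target),
                         (f"{n} words from 2284", keyspace(2284, n))]:
        print(f"{label:26} {human(seconds_to_exhaust(space))}")
    demo_words = ["constructed", "demo", "word", "list"]  # constructed, far too small for real use
    print(random_password(13), "|", random_passphrase(demo_words, 4))
```

Passing `hash_cost` shows how much a slow password hash on the server side stretches each of these figures, which is the "depending on the algorithm" caveat in the post.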