Kickstarter Security Breach Exposes Customer Data

New submitter jbov writes "Kickstarter members received an e-mail at about 16:40 EST notifying them of a security breach. According to the e-mail, information including user names, encrypted passwords, mailing addresses, and phone numbers may have been revealed. Kickstarter members were urged to change their passwords. 'Older passwords were uniquely salted and digested with SHA-1 multiple times. More recent passwords are hashed with bcrypt.' Kickstarter claims that credit card information was not accessed during the breach. According to Kickstarter, law enforcement officials contacted the company on Wednesday night and alerted them that 'hackers had sought and gained unauthorized access to some of our customers' data.' Upon learning of the breach, Kickstarter closed the security breach and began strengthening security measures."

at least ..

[thephydes]

they did the right thing and contacted all the people who use KS and advised them to change their login. Unlike Adobe who still haven't contacted me....... With influence comes responsibility - KS has taken responsibility, Adobe never did.

PKI

Why are we not using public private key infrastructure for online logins yet????? It's 2014, most people have been online for nearly twenty years and human beings are still using passwords that have to (generally speaking) be memorized which leads to poor password choices and repetition. This problem should have been solved YEARS ago.

Re:PKI

[Molt]

USB tokens won't work at the moment, too many people accessing the internet using phones and tablets without USB ports.