Hack In today’s world of large retailers and resources become commonplace: the news of this sounds almost every week. Now the most famous attraction of micro-investment service, Kickstarter, has expanded the list. The company said in a blog (as well as by users to send emails) that attackers have found a way to certain parts of the database Kickstarter.
The good news is that the hackers did not have access to records with information on credit cards (at least, signs of the experts have been found), but even if it is in some way failed, Kickstarter does not store whole numbers their credit card users.
Nevertheless, the attackers were able to get a database containing the names of users and their e-mail, encrypted passwords, and even e-mail addresses with telephone numbers. The fact that the passwords are encrypted, is, of course, plus (sometimes happens that even well-known sites store passwords in clear text). Nevertheless, it is worth remembering that on the basis of this base in the presence of certain computing resources can choose passwords, so users Kickstarter certainly want to change their login credentials.
Kickstarter notes that the vulnerability of them said Wednesday representatives of law enforcement agencies (which ones – is not specified), after which they immediately closed the security hole that was used for user data. Last 4 days a micro-investment officers were investigating, trying to figure out how exactly to the data and the extent to which the attackers gained access.
Kickstarter reports the following details hacking:
- passwords were stripped one of two methods: the old ones were hashed using SHA-1 algorithm, and a new – using bcrypt;
- company noted that before informing users it took 4 days in order to analyze the situation in detail;
- if access to the service Kickstarter used Facebook, then the account on the social network will not be affected, however, Kickstarter is disabled for all communication with accounts of Facebook, so that they will have to connect again.
Related Content:
Sources:
No comments:
Post a Comment