Popular crowdfunding platform Kickstarter was hacked, as was said in its #-Link-Snipped-# on Saturday. The reason behind the attack is unknown. The attackers departed with usernames, encrypted passwords, e-mail addresses, mailing addresses and phone numbers. Upon hearing the security breach, Kickstarter immediately closed it and began upgrading its security measures throughout the system.

The blog further added that the passwords stolen were encrypted but the weak or obvious passwords could be decrypted by a person having enough computing power. Therefore, Kickstarter has advised its users to reset their passwords. It has also assured that no credit card information was stolen. The passwords were encrypted multiple times using the Sha 1 algorithm and the newer accounts were encrypted using Bcrypt. The number of accounts compromised appears to be two in number and Kickstarter said that it had reached out to them and had also secured their accounts.
As a safety measure, Kickstarter also reset the Facebook credentials of all accounts meaning that it was not possible to log in Kickstarter using a Facebook account. After logging in, the user could simply restore it by reconnecting the account to Facebook.

Interestingly, cryptanalysts had found attacks on SHA-1 suggesting that the algorithm was no longer suitable to secure data way back in 2005 and NIST required many applications in federal agencies to move to Sha 2 after 2010 because of the weakness. Read more about how the #-Link-Snipped-# and also #-Link-Snipped-#.

Do we all have to live in a constant fear of losing our confidential information unless companies update their security standards? Share your views in the comments below.

(Source: Kickstarter Blog, Wikipedia)