BreachExchange mailing list archives

Important Kickstarter Security Notice (fwd)


From: security curmudgeon <jericho () attrition org>
Date: Sat, 15 Feb 2014 15:29:33 -0600 (CST)



---------- Forwarded message ----------
From: Kickstarter <no-reply () kickstarter com>
To:
Date: Sat, 15 Feb 2014 21:25:31 +0000 (UTC)
Subject: Important Kickstarter Security Notice

On Wednesday night, law enforcement officials contacted Kickstarter and 
alerted us that hackers had sought and gained unauthorized access to some 
of our customers' data. Upon learning this, we immediately closed the 
security breach and began strengthening security measures throughout the 
Kickstarter system.

No credit card data of any kind was accessed by hackers. There is no 
evidence of unauthorized activity of any kind on your account.

While no credit card data was accessed, some information about our 
customers was. Accessed information included usernames, email addresses, 
mailing addresses, phone numbers, and encrypted passwords. Actual 
passwords were not revealed; however, it is possible for a malicious person 
with enough computing power to guess and crack an encrypted password, 
particularly a weak or obvious one.

As a precaution, we strongly recommend that you change the password of 
your Kickstarter account, and other accounts where you use this password.

To change your password, log in to your account at Kickstarter.com and 
look for the banner at the top of the page to create a new, secure 
password. We recommend you do the same on other sites where you use this 
password. For additional help with password security, we recommend tools 
like 1Password and LastPass.

We're incredibly sorry that this happened. We set a very high bar for how 
we serve our community, and this incident is frustrating and upsetting. We 
have since improved our security procedures and systems in numerous ways, 
and we will continue to do so in the weeks and months to come. We are 
working closely with law enforcement, and we are doing everything in our 
power to prevent this from happening again.

Kickstarter is a vibrant community like no other, and we can't thank you 
enough for being a part of it. Please let us know if you have any 
questions, comments, or concerns. You can reach us at 
accountsecurity () kickstarter com.

Thank you,
Yancey Strickler
                                   Kickstarter CEO
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/