+1 for KeePass here . Been using it for a long time.
General / Off-Topic Change your Kickstarter password
- Thread starter Cody
- Start date
+1 for KeePass here . Been using it for a long time.
If it has been hacked for email accounts then it would be best to change your email account to a different one for kickstarter, then you know any emails you get regarding kickstarter on you previous email address is fake.
When choosing a password it is worth being aware of things like Rainbow Tables which can be used to very quickly discover passwords.
http://en.wikipedia.org/wiki/Rainbow_table
https://www.freerainbowtables.com/
Currently there are only tables of up to 8 characters that include all characters. For safety, never choose a password shorter than 9 characters and make sure you add in a non-alphanumeric character too.
http://en.wikipedia.org/wiki/Rainbow_table
https://www.freerainbowtables.com/
Currently there are only tables of up to 8 characters that include all characters. For safety, never choose a password shorter than 9 characters and make sure you add in a non-alphanumeric character too.
<doffs sombrero - nods in thanks>
Kickstarter was hacked
you might want to change your password.
more info at:
https://www.kickstarter.com/blog/important-kickstarter-security-notice
you might want to change your password.
more info at:
https://www.kickstarter.com/blog/important-kickstarter-security-notice
Last edited:
I personally used Facebook handle to authorize, so no password saved on KS site.
Many encrypted passwords are straightforward to crack. I'd be happier if I knew they were encrypted with salt so that precomputed look-up attacks aren't viable.
It's amazing how basic the protection is used by some big name websites . I don't know about KS, there's no technical info in their statement
Edit: I read the original statement, now updated see next post
Last edited:
Doh! KS have provided more details in their statement:
Kick starter Hacked
Thought it worth a mention
http://www.computerworld.com/s/arti...words_accessed?mm_ref=http://news.google.com/
Thought it worth a mention
http://www.computerworld.com/s/arti...words_accessed?mm_ref=http://news.google.com/
This is thread no. #4
Change your Kickstarter password
Kickstarter was hacked (locked)
Kickstarter has hacked
EDIT: This is possibly #5
http://forums.frontier.co.uk/showthread.php?t=12000
(not aimed only at you Bingo) ENOUGH WITH THE KICKSTARTER WAS HACKED THREADS
Change your Kickstarter password
Kickstarter was hacked (locked)
Kickstarter has hacked
EDIT: This is possibly #5
http://forums.frontier.co.uk/showthread.php?t=12000
(not aimed only at you Bingo) ENOUGH WITH THE KICKSTARTER WAS HACKED THREADS
Last edited:
Sterling effort by the mods in merging all these threads but I wonder if the Off-Topic subforum is the best place to bury something with such serious security implications.
Kickstarter are sending out e-mails. We know that some of these won't be read either because people don't check their e-mail regularly or because the messages get filtered into rarely-seen subdirectories or, worse, spam folders.
ED was unusual in that early backers had to sign up for the Backers' App / Store with the same e-mail address they used to back the Kickstarter. So even people who use unique e-mail addresses for every site will have been using a now-wild address for ED.
(Sadly, many will no doubt have used the same password for convenience.)
So at best, the ED Store is full of accounts that are using now-compromised e-mail addresses. At worst, if the purloined Kickstarter passwords turn out to be weakly encrypted or otherwise subject to easy cracking, ED Store accounts could be vulnerable.
What are the chances that someone who doesn't read their e-mail happens to stumble upon the Kickstarter news in the Off-Topic forum?
I would have stickied a thread in the Private Backers' Forum, with a similarly titled locked thread in the Alpha forum pointing to it. Most of the folk in there, and certainly the early adopters, will have Kickstarter accounts. Those are the people who need to know the most.
Further, at the risk of scaremongering, I'd also have sent out an e-mail to all Kickstarter backers. Some people might pay more immediate attention to an e-mail from Frontier than from Kickstarter. And I'd put a notification in the Alpha Launcher, although I appreciate that it's a weekend and it may not be possible to do that.
Remember this is not just e-mails and salted password hashes that have been ripped off this time. It's snail mail addresses and telephone numbers as well. A social engineer's dream. The more people who know about this and can change their passwords (and ideally their e-mail addresses) at both Kickstarter and Frontier, the better.
Kickstarter are sending out e-mails. We know that some of these won't be read either because people don't check their e-mail regularly or because the messages get filtered into rarely-seen subdirectories or, worse, spam folders.
ED was unusual in that early backers had to sign up for the Backers' App / Store with the same e-mail address they used to back the Kickstarter. So even people who use unique e-mail addresses for every site will have been using a now-wild address for ED.
(Sadly, many will no doubt have used the same password for convenience.)
So at best, the ED Store is full of accounts that are using now-compromised e-mail addresses. At worst, if the purloined Kickstarter passwords turn out to be weakly encrypted or otherwise subject to easy cracking, ED Store accounts could be vulnerable.
What are the chances that someone who doesn't read their e-mail happens to stumble upon the Kickstarter news in the Off-Topic forum?
I would have stickied a thread in the Private Backers' Forum, with a similarly titled locked thread in the Alpha forum pointing to it. Most of the folk in there, and certainly the early adopters, will have Kickstarter accounts. Those are the people who need to know the most.
Further, at the risk of scaremongering, I'd also have sent out an e-mail to all Kickstarter backers. Some people might pay more immediate attention to an e-mail from Frontier than from Kickstarter. And I'd put a notification in the Alpha Launcher, although I appreciate that it's a weekend and it may not be possible to do that.
Remember this is not just e-mails and salted password hashes that have been ripped off this time. It's snail mail addresses and telephone numbers as well. A social engineer's dream. The more people who know about this and can change their passwords (and ideally their e-mail addresses) at both Kickstarter and Frontier, the better.
Like the emergency services say, they would rather receive many calls about an incident rather then none because everyone thought that someone else was going to call. Just sayin'.
I think FD said a similar thing about bug reporting as well.
Like the emergency services say, they would rather receive many calls about an incident rather then none because everyone thought that someone else was going to call. Just sayin'.
I think FD said a similar thing about bug reporting as well.
Emergency services and bug reporting, fair enough ...
but five threads about Kickstarter being hacked? I'm sorry, but people need to look to see if there is already a thread about things they want to post about.
We have two threads about gimbled weapons, simply because the person who started the second thread didn't look.
So, I'm sorry I was a bit OTT and dramatic, but FIVE threads?
You're right of course. Although it does give the moderators something to do! <ducks>
Get merging folks.