INFRA
INFRA
INFRA
User data from hacks of Kickstarter and Bitly in 2014 is now available online
User data stolen from crowdfunding site Kickstarter and link shortening service Bitly Inc. has been indexed online three years after both sites were hacked.
The new data, seemingly gathered from the dark web, a shady part of the internet accessible through special software, was indexed by data breach tracking site Have I Been Pwnd on Friday. The records now available on the site include 9 million from Bitly and 5.2 million from Kickstarter, although a number of records from both the hacks had previously been indexed by the site. Have I Been Pwnd does not publish password information, instead operating as a search and alert service that allows users to discover whether their data has been compromised.
Kickstarter was hacked in February 2014, with reports from the time noting that no credit card information had been taken but the attackers had made off with usernames, e-mail addresses, mailing addresses, phone numbers and encrypted passwords. Bitly was attacked in May the same year, with the attackers stealing email addresses, encrypted passwords, API keys and OAuth tokens.
Bitly took to Twitter to comment on the publication of its stolen data, saying that “RE: 3rd-party service recently shared a data compromise that affected Bitly in 2014. No current security threat; no action required.”
Kickstarter, on the other hand, updated its previous hack notification from 2014, writing that “some of our customers are hearing about our 2014 security breach today from a breach notification service.”
“A quick recap: Once we learned of this problem in 2014, we closed the breach, emailed all of our customers, and posted an alert encouraging everyone to reset their passwords. We’ve invalidated any passwords that weren’t changed at the time. Since 2014 we’ve strengthened our security measures, adding features like two-factor authentication and the ability to see where your account has been accessed.”
Kickstarter and Bitly were not the only two companies to have had additional hack data indexed by Have I Been Pwnd recently. The site also added data from ReverbNation, a site that provides tools for musicians. It had 7 million user records compromised in January 2014, along with data from DDoS prevention service Staminus, a smaller hack involving 27,000 records dating from March 2016.
Image: methodshop/Flickr
A message from John Furrier, co-founder of SiliconANGLE:
Support our mission to keep content open and free by engaging with theCUBE community. Join theCUBE’s Alumni Trust Network, where technology leaders connect, share intelligence and create opportunities.
- 15M+ viewers of theCUBE videos, powering conversations across AI, cloud, cybersecurity and more
- 11.4k+ theCUBE alumni — Connect with more than 11,400 tech and business leaders shaping the future through a unique trusted-based network.
About SiliconANGLE Media
SiliconANGLE Media is a recognized leader in digital media innovation, uniting breakthrough technology, strategic insights and real-time audience engagement. As the parent company of SiliconANGLE, theCUBE Network, theCUBE Research, CUBE365, theCUBE AI and theCUBE SuperStudios — with flagship locations in Silicon Valley and the New York Stock Exchange — SiliconANGLE Media operates at the intersection of media, technology and AI.
Founded by tech visionaries John Furrier and Dave Vellante, SiliconANGLE Media has built a dynamic ecosystem of industry-leading digital media brands that reach 15+ million elite tech professionals. Our new proprietary theCUBE AI Video Cloud is breaking ground in audience interaction, leveraging theCUBEai.com neural network to help technology companies make data-driven decisions and stay at the forefront of industry conversations.
