Security breach at Kickstarter

[lanux128]

There has been a security breach at Kickstarter.com and all users are advised to change their passwords immediately.



• https://www.kickstar...rter-security-notice

[rgdot]

Thanks for posting this.

I have a serious (may be dumb) question. We often hear about credit card/password info was not breached. what about sites like this that ask for name and address (to ship stuff). Isn't name and address (as a combo) may be even more valuable than a card that can be cancelled and/or has zero liability if used maliciously?

[wraith808]

Not really.  Yes, name and address are valuable information for scammers, but only in combination with other things- and there are easier ways to get those than breaching a website.

[rgdot]

Good point about 'easier ways', thanks

[TaoPhoenix]

Not really.  Yes, name and address are valuable information for scammers, but only in combination with other things- and there are easier ways to get those than breaching a website.

-wraith808 (February 15, 2014, 11:02 PM)

Maybe but the disclosure included five items - Usernames, emails, mail addresses, phone numbers, and encrypted passwords.

That's a good haul, on the order of "it only takes three more things" to ruin someone.

[wraith808]

The usernames and emails aren't really going to be all that useful in most identity scams.  Perhaps phishing, but then again, with that, you have to be complicit once again.  The other things that you need are the big ones that aren't vastly public knowledge are the ones that you need to perpetrate such things.