Kickstarter Hack Kickstarts Crowdfunding Security Conversation


Crowdfunding Advisors, FundRazr Team

Helping our community get to the next level of crowdfunding success

On the evening of February 12, 2014, Kickstarter had its data compromised. “Law enforcement officials contacted Kickstarter and alerted us that hackers had sought and gained unauthorized access to some of our customers’ data,” an announcement on the website concedes. “Upon learning this, we immediately closed the security breach and began strengthening security measures throughout the Kickstarter system.”

It is, to be sure, an alarming bit of news to get about a crowdfunding site, where credit card information plays such a prominent part. But it’s not a bad heads-up for the industry. As crowdfunding gains in prominence, reputation and use, concerns about the potential for privacy abuses and fraud are similarly on the climb. It’s why, as discussions about more closely regulating this emerging force gather speed, crime prevention conversations need to keep up the pace.

Given the multitude of platforms that increasingly populate the crowdfunding landscape, the idea of users logging into these smaller sites via massive and established social media portals like Facebook, Google+, LinkedIn and Twitter, rather than relying on a unique e-mail or password as a primary method of identification, is emerging as the smarter route. There is security, after all, in those big sites, and the notion that their massive resources would have some influence to bear on the business of protecting your passwords.

By way of subsequent clarification, Kickstarter explained away its security breach thus: “Older passwords were uniquely salted and digested with SHA-1 multiple times. More recent passwords are hashed with bcrypt.”

For non-technoheads, such a confusing explanation does little to pacify concerns.
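
What “uniquely salted and digested with SHA-1 multiple times” means in practice, as an added Python example that is not Kickstarter’s or FundRazr’s code. The round count, the salt length and the way salt and digest are combined are assumptions, since the quoted statement gives none of them; bcrypt, the newer scheme in the quote, applies the same salt-per-password idea with a tunable work factor but is not in Python’s standard library, so it is not shown.

```python
import hashlib
import hmac
import os

ROUNDS = 1000  # assumed; the quoted statement does not give a round count


def sha1_stretched(password, salt, rounds=ROUNDS):
    """Salted SHA-1 applied `rounds` times (assumed construction)."""
    digest = hashlib.sha1(salt + password.encode("utf-8")).digest()
    for _ in range(rounds - 1):
        digest = hashlib.sha1(salt + digest).digest()
    return digest


def new_record(password):
    """Build the stored record: a fresh random salt for every password."""
    salt = os.urandom(16)  # assumed 16-byte salt
    return {"salt": salt, "rounds": ROUNDS,
            "hash": sha1_stretched(password, salt)}


def verify(password, record):
    """Recompute with the stored salt and compare in constant time."""
    candidate = sha1_stretched(password, record["salt"], record["rounds"])
    return hmac.compare_digest(candidate, record["hash"])


def unsalted_sha1(password):
    """Single unsalted SHA-1, shown only for contrast."""
    return hashlib.sha1(password.encode("utf-8")).digest()


def demo():
    # Constructed sample: two users who happen to pick the same password.
    shared = "correct-horse-battery"
    alice, bob = new_record(shared), new_record(shared)
    return {
        # Unsalted digests collide, so one cracked entry exposes both users.
        "unsalted_identical": unsalted_sha1(shared) == unsalted_sha1(shared),
        # Unique salts make the stored values differ for the same password.
        "salted_identical": alice["hash"] == bob["hash"],
        "alice_login_ok": verify(shared, alice),
        "wrong_password_ok": verify("not-the-password", alice),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```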

At FundRazr, we encourage people to log in using their social media ID because, our confidence in our security measures notwithstanding (and as counterintuitive as such a mass approach to site entry as this might appear), it’s actually the safest route. This rule applies to other crowdfunding sites and, frankly, most other smaller websites as well.
