UPDATED 23:49 EDT / OCTOBER 08 2017

INFRA

User data from hacks of Kickstarter and Bitly in 2014 is now available online

User data stolen from crowdfunding site Kickstarter and link shortening service Bitly Inc. has been indexed online three years after both sites were hacked.

The new data, seemingly gathered from the dark web, a shady part of the internet accessible through special software, was indexed by data breach tracking site Have I Been Pwnd on Friday. The records now available on the site include 9 million from Bitly and 5.2 million from Kickstarter, although a number of records from both the hacks had previously been indexed by the site. Have I Been Pwnd does not publish password information, instead operating as a search and alert service that allows users to discover whether their data has been compromised.

Kickstarter was hacked in February 2014, with reports from the time noting that no credit card information had been taken but the attackers had made off with usernames, e-mail addresses, mailing addresses, phone numbers and encrypted passwords. Bitly was attacked in May the same year, with the attackers stealing email addresses, encrypted passwords, API keys and OAuth tokens.

Bitly took to Twitter to comment on the publication of its stolen data, saying that “RE: 3rd-party service recently shared a data compromise that affected Bitly in 2014. No current security threat; no action required.”

Kickstarter, on the other hand, updated its previous hack notification from 2014, writing that “some of our customers are hearing about our 2014 security breach today from a breach notification service.”

“A quick recap: Once we learned of this problem in 2014, we closed the breach, emailed all of our customers, and posted an alert encouraging everyone to reset their passwords. We’ve invalidated any passwords that weren’t changed at the time. Since 2014 we’ve strengthened our security measures, adding features like two-factor authentication and the ability to see where your account has been accessed.”

Kickstarter and Bitly were not the only two companies to have had additional hack data indexed by Have I Been Pwnd recently. The site also added data from ReverbNation, a site that provides tools for musicians. It had 7 million user records compromised in January 2014, along with data from DDoS prevention service Staminus, a smaller hack involving 27,000 records dating from March 2016.

Image: methodshop/Flickr

Since you’re here …

… We’d like to tell you about our mission and how you can help us fulfill it. SiliconANGLE Media Inc.’s business model is based on the intrinsic value of the content, not advertising. Unlike many online publications, we don’t have a paywall or run banner advertising, because we want to keep our journalism open, without influence or the need to chase traffic.The journalism, reporting and commentary on SiliconANGLE — along with live, unscripted video from our Silicon Valley studio and globe-trotting video teams at theCUBE — take a lot of hard work, time and money. Keeping the quality high requires the support of sponsors who are aligned with our vision of ad-free journalism content.

If you like the reporting, video interviews and other ad-free content here, please take a moment to check out a sample of the video content supported by our sponsors, tweet your support, and keep coming back to SiliconANGLE.

Cookies

We employ the use of cookies. Find out more.