Information Kickstarter hacked.

[Humanity has risen!]

It should be a law: you compromise someone's name and address, you owe them 6 years of real time credit monitoring.

 

[deuxhero]

"Credit monitoring" does shit.

What should be done is let anyone who MAY be a victim from such a breech freeze their credit with the same ease someone who actually has been effected can.

 

[Humanity has risen!]

"Credit monitoring" does shit.

What should be done is let anyone who MAY be a victim from such a breech freeze their credit with the same ease someone who actually has been effected can.

It's putting a hold on your credit file that does nothing, most credit lenders just flat out ignore such a flag on your credit file. It doesn't stop identity thieves.

Credit monitoring at least allows you to know if someone is trying to request credit in your name and stop it in its tracks.

 

[deuxhero]

You're confusing a freeze with a fraud alert. You have to call and wait for credit to thaw before applying for credit when frozen.

 

[SuicideBunny]

On Wednesday night, law enforcement officials contacted Kickstarter and alerted us that hackers had sought and gained unauthorized access to some of our customers' data.​

What? How on Earth are law enforcement the ones to find out first?

http://arstechnica.com/tech-policy/...d-2-3-daily-tips-to-fbi-for-at-least-3-years/
the "advantages" of spying on virtually everybody with some electronic device capable of communication...

 

[kazgar]

At least I can blame hackers for the broken age backer status on my profile now.

 

[Doctor Sbaitso]

Doofuses like these who are careless enough to let their customers data leaked need to be hit with onerous class action lawsuits and be forced to cover real-time credit analysis for years. They'll think twice about skimping on security.

Actually considering only password hashes were taken and no card information, recovering so quickly is solid. That is if the disclosure is full. It could have been.much worse and all things considered I suspect they can demonstrate substantive measures taken and enacted in quick fashion.

For the people who have had their name, address, etc taken, there is no defense against it, and it can get them victimized through identity theft.

And of course those who had their e-mail address stolen will receive a mountain of spam and nigerian scams.

cboyardee and Vault Dweller will both have male escorts sent to their houses

Anyone using the Internet to perform any sort of interaction using their real name and address should realize that their information WILL be obtained just as it can from a phone book. On the heels of a breach people may want to put a watch on their credit, reset their password at KS (and anywhere else they may have used it) and never use that password again. Other than that, nothing is obtained that cannot be obtained or has already been obtained. Further, if a retailer chooses to issue credit with insufficient checks that is their problem entirely. I have zero fear of fraudulent activity because I know what my responsibilities and credit issuer responsibilities are.

 

[Septaryeth]

Just received the important notice email.
It seems Codex is more vigilant than KS.

 

[Humanity has risen!]

Fraudulent activity on a credit card is trivial, you won't be held liable for it. Identity theft, on the other hand, can be like having a sword of Damocles dangling over yourself. Especially since most places only ask for shockingly little info to check your identity, and phone clerks can be easily social engineered.

 

[Spectacle]

Fraudulent activity on a credit card is trivial, you won't be held liable for it. Identity theft, on the other hand, can be like having a sword of Damocles dangling over yourself. Especially since most places only ask for shockingly little info to check your identity, and phone clerks can be easily social engineered.

If someone can steal your identity knowing only your name and address, you're fucked no matter what you do. That is generally considered to be public information, unless you have a specific reason to be living in hiding. I don't think kickstarter knows anything about me that isn't also in the phone book.

 

[DragoFireheart]

Tired of all these assholes, be it Kickstarter or Target, having security breaches.

If it turns out my identity is stolen, I'm just gonna mass sue these companies and blame them.

 

[potatojohn]

Good thing I don't have a KS account.

 

[Turjan]

I used a throwaway password there, so I guess I'm fine. Replaced it with another throwaway password.

 

[Jedi Master Radek]

Fraudulent activity on a credit card is trivial, you won't be held liable for it. Identity theft, on the other hand, can be like having a sword of Damocles dangling over yourself. Especially since most places only ask for shockingly little info to check your identity, and phone clerks can be easily social engineered.

If someone can steal your identity knowing only your name and address, you're fucked no matter what you do. That is generally considered to be public information, unless you have a specific reason to be living in hiding. I don't think kickstarter knows anything about me that isn't also in the phone book.

Let's play:

• any Internet shop
• pizza's delivery
  
• post office
• school or university
• work place
• taxi
• neighbors
• any local self government
  
• actually a government
• hospital or any other medical thing
  
• friends and acquittances
  
• mobile operator
• Internet operator
• electricity operator
• gas operator
• bank
• many Internet sites track user whereabouts
  
• from social sites (localizing places of photos taken, where friends live, where the favorites places like restaurants, cinemas are)
• any customer/discount card or whatever is it called
• in some cases police or firefighters
• any kind of a local institution which store any estate rights documents
• maybe sport club or any other club one is a member of
• maybe some religious institution
• business card

 

[Boleskine]

I use a variety of passwords, but now it's time to probably use a manager.

Anybody have recommendations/feedback on 1Password, LastPass, keepass, or other similar services?

 

[Humanity has risen!]

Fraudulent activity on a credit card is trivial, you won't be held liable for it. Identity theft, on the other hand, can be like having a sword of Damocles dangling over yourself. Especially since most places only ask for shockingly little info to check your identity, and phone clerks can be easily social engineered.

If someone can steal your identity knowing only your name and address, you're fucked no matter what you do. That is generally considered to be public information, unless you have a specific reason to be living in hiding. I don't think kickstarter knows anything about me that isn't also in the phone book.

Let's play:

• any Internet shop
• pizza's delivery
  
• post office
• school or university
• work place
• taxi
• neighbors
• any local self government
  
• actually a government
• hospital or any other medical thing
  
• friends and acquittances
  
• mobile operator
• Internet operator
• electricity operator
• gas operator
• bank
• many Internet sites track user whereabouts
  
• from social sites (localizing places of photos taken, where friends live, where the favorites places like restaurants, cinemas are)
• any customer/discount card or whatever is it called
• in some cases police or firefighters
• any kind of a local institution which store any estate rights documents
• maybe sport club or any other club one is a member of
• maybe some religious institution
• business card

Exactly. It's very easy to gather data about you, and you're only as good as the weakest link in all of these operations. The clerk at minimum wage who flat out doesn't care.

 

[Humanity has risen!]

You're confusing a freeze with a fraud alert. You have to call and wait for credit to thaw before applying for credit when frozen.

This is only available in the US from what I can see.

And it's too big an hassle anyway, there's too many services where you need a credit check in order to proceed ahead.

 

[Papa Môlé]

http://arstechnica.com/tech-policy/...d-2-3-daily-tips-to-fbi-for-at-least-3-years/
the "advantages" of spying on virtually everybody with some electronic device capable of communication...

Is this psyops to undermine public confidence in crowdfunding perhaps?

http://techcrunch.com/2013/06/10/fund-edward-snowden/

 

[Scruffy]

can be like having a sword of Damocles dangling over yourself

you and your homosexual metaphors

 

[sea]

I use a variety of passwords, but now it's time to probably use a manager.

Anybody have recommendations/feedback on 1Password, LastPass, keepass, or other similar services?

LastPass is the best one in my opinion. Haven't tried 1Password. KeePass is good too but its browser integration is weak and it relies on you storing your database locally rather than online.

 

[Doctor Sbaitso]

Fraudulent activity on a credit card is trivial, you won't be held liable for it. Identity theft, on the other hand, can be like having a sword of Damocles dangling over yourself. Especially since most places only ask for shockingly little info to check your identity, and phone clerks can be easily social engineered.

If someone can steal your identity knowing only your name and address, you're fucked no matter what you do. That is generally considered to be public information, unless you have a specific reason to be living in hiding. I don't think kickstarter knows anything about me that isn't also in the phone book.

Let's play:

• any Internet shop
• pizza's delivery
  
• post office
• school or university
• work place
• taxi
• neighbors
• any local self government
  
• actually a government
• hospital or any other medical thing
  
• friends and acquittances
  
• mobile operator
• Internet operator
• electricity operator
• gas operator
• bank
• many Internet sites track user whereabouts
  
• from social sites (localizing places of photos taken, where friends live, where the favorites places like restaurants, cinemas are)
• any customer/discount card or whatever is it called
• in some cases police or firefighters
• any kind of a local institution which store any estate rights documents
• maybe sport club or any other club one is a member of
• maybe some religious institution
• business card

Exactly. It's very easy to gather data about you, and you're only as good as the weakest link in all of these operations. The clerk at minimum wage who flat out doesn't care.

The weakest link is you yourself. You have freely given this information out hundreds or thousands of times. Your information is out there and you cannot stop it unless you vow to be a hermit and only ever pay in person and in cash.

 

[Doctor Sbaitso]

You're confusing a freeze with a fraud alert. You have to call and wait for credit to thaw before applying for credit when frozen.

This is only available in the US from what I can see.

And it's too big an hassle anyway, there's too many services where you need a credit check in order to proceed ahead.

http://lmgtfy.com/?q=canada+add+fraud+alert

 

[Humanity has risen!]

You're confusing a freeze with a fraud alert. You have to call and wait for credit to thaw before applying for credit when frozen.

This is only available in the US from what I can see.

And it's too big an hassle anyway, there's too many services where you need a credit check in order to proceed ahead.

http://lmgtfy.com/?q=canada add fraud alert

Fraud alert is not the same thing as credit freeze. The latter does not exist in Canada.

 

[Humanity has risen!]

Fraudulent activity on a credit card is trivial, you won't be held liable for it. Identity theft, on the other hand, can be like having a sword of Damocles dangling over yourself. Especially since most places only ask for shockingly little info to check your identity, and phone clerks can be easily social engineered.

If someone can steal your identity knowing only your name and address, you're fucked no matter what you do. That is generally considered to be public information, unless you have a specific reason to be living in hiding. I don't think kickstarter knows anything about me that isn't also in the phone book.

Let's play:

• any Internet shop
• pizza's delivery
  
• post office
• school or university
• work place
• taxi
• neighbors
• any local self government
  
• actually a government
• hospital or any other medical thing
  
• friends and acquittances
  
• mobile operator
• Internet operator
• electricity operator
• gas operator
• bank
• many Internet sites track user whereabouts
  
• from social sites (localizing places of photos taken, where friends live, where the favorites places like restaurants, cinemas are)
• any customer/discount card or whatever is it called
• in some cases police or firefighters
• any kind of a local institution which store any estate rights documents
• maybe sport club or any other club one is a member of
• maybe some religious institution
• business card

Exactly. It's very easy to gather data about you, and you're only as good as the weakest link in all of these operations. The clerk at minimum wage who flat out doesn't care.

The weakest link is you yourself. You have freely given this information out hundreds or thousands of times. Your information is out there and you cannot stop it unless you vow to be a hermit and only ever pay in person and in cash.

It's a choice that isn't exactly a choice if you want to partake in society, hence why organizations need to be held accountable and face heavy fines if they fail to protect it. All the more so when it is done through the Internet, and something like an SQL injection can literally allow thieves to make out with millions of accounts, whereas other methods would be far riskier and fastidious.

 

[J_C]

Unfortunately I have dozens of account which use the same email+password combo as the kickstarter site, so I'm not going to go through each and every one of them, to change it. I take my luck and pray that the hackers won't use my data.