15 Million Hacked Kickstarter and Bitly Accounts Are Now Publicly Available [updated]

I received two friendly alerts this morning from Have I Been Pwned , a free service that monitors data breaches and tells you if your information has been leaked. He informed me that my old Kickstarter and Bitly passwords, hacked in 2014, are now publicly available (albeit encrypted) on the Internet.

Bitly (URL shortening) and Kickstarter (thin wallet store) announced these violations when they discovered them. This hacked account information, which includes usernames and encrypted passwords, has finally made its way onto the public Internet.

Have I Been Pwned took this information and cataloged it. The site never discloses confidential information, but if you provide it with your email address, it can tell you if the corresponding account has been opened.

This will remind you of three good security habits:

  1. Subscribe to Have I Been Pwned alerts (click Notify Me in the top menu) so that whenever an account with your email address goes public, Have I Been Pwned can notify you and you can change your password if you aldeady no.
  2. Never reuse passwords! Never. Don’t let one hack compromise your account on five different sites. “But I only reuse passwords on sites that don’t matter!” You might say. But then you use one site to log in to another, or you provide the site with your credit card information, and suddenly that account does matter. Your accounts will be hacked. You can only contain the damage.
  3. Use a password manager instead. Then you don’t have to remember your passwords, you don’t have to come up with them, you don’t even have to enter them. In addition, this manager will warn you about hacks usually earlier than HaveIBeenPwned. Life will be easy and free.

Update October 6, 6:00 pm: We changed hack to hack and indicated that cracked passwords were encrypted to more accurately reflect the Kickstarter and Bit.ly hacks. In many other cases, passwords were disclosed in clear text. Have I Been Pwned has more details on these two and many more violations in this link.

More…

Leave a Reply