Over the weekend (this past Saturday, February 15), I got an email from the popular online crowdfunding platform Kickstarter, informing me that my account may have been compromised.
Kickstarter CEO Yancey Strickler assured me, and all other Kickstarter users, that no credit card information was stolen, but that my name and other “usernames, email addresses, mailing addresses, phone numbers, and encrypted passwords” were accessed by the hackers.
Data breaches are officially a constant occurrence, but I’m not sure if the threat feels real enough to everyone surfing the web. By the time a data breach notification email lands in your inbox, the crime has already been committed, and its repercussions are unpredictable.
Kickstarter data breach translated: A cyber criminal (imagine a thief or burglar in the offline world) now has my email, phone number, and mailing address. This individual (or criminal group, more likely) could call my cell phone or show up to my house after work. That’s downright frightening. And now my personal information (as in the case of the Target data breach) could be sold on the black market, viewed by strangers, and used against me.
Is someone actually going to call me or show up at my house? Probably not. More likely, they’ll see if the encrypted password to my Kickstarter account is the same password I use at other sites and try to take advantage of it. Strickler even says in his email that the hacker(s) could crack my encrypted passcode.
Is the data breach resolved, as Kickstarter implies?
The Kickstarter data breach email encouraged recipients to change their account passwords. If you don’t use secure, differentiated passwords across the web, this of course means you need to change your password(s) everywhere.
The weekend email from Kickstarter also says that it has boosted security “in numerous ways,” and that it “immediately closed the security breach.” So it was that easy? Such a mass data breach being identified and completely fixed so quickly seems a little too rosy.
Kickstarter’s handling of its data breach is more timely than that of other recently hacked companies, though. Many breaches don’t surface to the public for months. Take Kaiser, for example.
Takeaway #1: Be selective about who you give your information to, and be skeptical about what companies tell you when they lose your data.
Be smarter about how you use the web
Recently, countless data breaches at major companies (including Target and Neiman Marcus during the 2013 holiday season) have made it clear that companies aren’t doing enough to stay ahead of cybercrime.
How can you trust any company to safeguard your info?
Giving out personal data on the web is an accident waiting to happen. Even sites with good intentions—like Kickstarter—are at risk.
This doesn’t mean that you shouldn’t participate in the wonders of the web. Kickstarter’s online platform allowed 3 million people to fund over 19,000 creative projects (totaling over $480 million in pledges) in 2013 alone. The Kickstarter project that I contributed to this year saved the independent movie theater in my hometown from shutting down.
Takeaway #2: The answer is not abandoning the incredible resources the internet has to offer; the answer is smarter participation.
Abine’s DoNotTrackMe encourages smarter participation
Abine’s goal is to provide you with tools to better protect your identity while you engage online. We created DoNotTrackMe because we want users to be able to crowdfund a project, and do whatever else they want on the web, without jeopardizing their well-being. DoNotTrackMe is available for free.
The Kickstarter data breach is further confirmation that any information you put online is at risk of falling into the wrong hands. It’s time for internet users to proactively protect themselves on the internet.
Takeaway #3: There are tools out there to help you stay safer and participate smarter on the web. DoNotTrackMe is one of them.
You can find the Kickstarter data breach security notification from Strickler here.