On the Kickstarter blog, CEO Yancy Strickler wrote: “Accessed information included usernames, email addresses, phone numbers and encrypted passwords.” No credit card numbers are stored by Kickstarter, but data obtained from the breach could be used to access client email accounts, which could lead to further exploitation. Although passwords are encrypted, anyone who used the service has been advised to change them immediately.
While the details of the attack are unclear at this point, the lessons learned are:
- IT staff must be vigilant with security updates
- Passwords must be strong (a number, capital plus lowercase letters, and at least one special character)
- Passwords should be varied across sites – don’t keep using the same password
- Change passwords regularly
- Check activity on bank accounts on a regular basis.
EdgeWave’s Data Loss Prevention tools can prevent the loss of sensitive data by analyzing information being sent out of networks and detecting private content in motion, keeping data from leaving the network.