Hackers Hit Forbes, Kickstarter
Customer Data Compromised in Both IncidentsForbes magazine and fundraising site Kickstarter are advising their users to reset their passwords after hackers accessed their systems in apparently unrelated incidents.
See Also: Are You APT-Ready? The Role of Breach and Attack Simulation
Forbes reports a data breach exposed the e-mail addresses for all those registered on its Forbes.com. website. The company didn't reveal the number of individuals affected.
The publication is warning users to be wary of e-mails purporting to come from Forbes that could be part of a phishing attack, according to a notice posted on its website. Law enforcement has been notified of the incident.
The Syrian Electronic Army has claimed responsibility for the attack on Forbes, referencing the incident on the group's official Twitter account. The hacktivist group apparently supports Syrian President Bashar al-Assad and targets political and media sites its members feel are biased against the Syrian government.
A spokesperson for Forbes says the publisher is making adjustments to its website to protect online privacy and editorial integrity. "We've been looking into and monitoring the situation closely," the spokesperson says.
Breach Impacts Fundraising Site's Users
Meanwhile, Kickstarter has announced that it was notified by law enforcement last week that hackers gained unauthorized access to customer data. The company didn't reveal how many were affected.
Compromised information includes usernames, e-mail addresses, mailing addresses, phone numbers and encrypted passwords, the company said in a statement. The actual passwords were not revealed, but Kickstarter warns an individual with enough determination could crack an encrypted password.
No credit card data was accessed by hackers, Kickstarter says, and only two user accounts have evidence of unauthorized activity so far.
The company is encouraging users to create a new password for their accounts, as well as for other site accounts that use the same password.
"We're incredibly sorry that this happened," Kickstarter CEO Yancey Strickler says in a statement. "We set a very high bar for how we serve our community, and this incident is frustrating and upsetting."
Kickstarter says it's working closely with law enforcement and is taking steps to improve its security procedures and systems. No one has claimed credit for the attack so far.
The company did not immediately respond to a request for comment.