Account details millions of Bit.ly and Kickstarter users appear online verschijnen
The ‘Have I been pwned’ service has added millions of account details from 2014 data breaches from both Bit.ly and Kickstarter to its database. The two services already announced the data breaches at the time, but now the data has appeared online.
At Bit.ly, the data breach concerns 9.3 million unique e-mail addresses, usernames and passwords, which have been hashed mainly via sha1 and partly via bcrypt. Bit.ly announced in May 2014 that it had been the victim of a hack that stolen user data.
In the case of Kickstarter, this involves nearly 5.2 million accounts, whose email addresses and passwords hashed with sha1 have been exposed. This hack took place in February 2014 and was then also reported by Kickstarter. Both Bit.ly and Kickstarter advised users to change their passwords at the time.
The ‘Have I been pwned’ service has added the stolen account information to its database so that users can verify whether it concerns their accounts. The reason the service is now paying attention to the hacks is probably that it has only just now found the databases of stolen data online.