Kickstarter API security bug exposed 77,000 projects

Kickstarter security

Crowdfunding powerhouse Kickstarter suffered its first high-profile security screw-up on Friday, which resulted in the early exposure of approximately 77,000 projects, the company announced on Sunday after being contacted by the Wall Street Journal.
No credit card data, or other highly sensitive information, was revealed through the security hole, the company said.

“The bug was introduced when we launched the API in conjunction with our new homepage on April 24, and was live until it was discovered and fixed on Friday, May 11, at 1:42pm,” wrote Yancey Strickler, co-founder of Kickstarter, on the company blog. “The bug made accessible the project description, goal, duration, rewards, video, image, location, category, and user name for unlaunched projects. No account or financial data was made accessible.”

According to Strickler, only 48 projects were exposed beyond what the Wall Street Journal accessed for its report.

While the security hole may have not exposed financial data, it does serve as a stark reminder the vulnerabilities of handing over credit card information to a website.

Launched in 2008, Kickstarter has quickly become the go-to place for artists, game-makers, and technology entrepreneurs to gain funding and exposure for their embryonic ideas. Kickstarter, which takes a 5 percent cut of all funds pledged to successful projects, raise nearly $100 million for 27,000 projects last year, and has become something of a household name in the past few months. Kickstarter recently announced that it has raised a total of $200 million over the past three years.

One project, the Pebble smartwatch, which connects via Bluetooth with Android and iPhone smartphones, recently became the highest-funded project in Kickstarter history, having raised about $10.2 million — more than 100 times its original goal of $100,000 — with four days left to go, at the time of this writing. The Pebble watch itself is completely sold out.

Those who pledge money to Kicstarter projects are not investors in the same way venture capitalists or stock holders are investors. Instead, money pledged on to a Kickstarter project is most often a kind of pre-order for the product itself. If you pledged a certain minimum amount toward the Pebble watch, for example, then you are in line to receive an early edition of the watch, plus other perks, like personalized messages from the co-founders, or other exclusive benefits. The money pledged is usually used to get the business off the ground, such as paying for production costs. To pledge on Kickstarter is to be the earliest of early adopters; you are buying something that often times doesn’t even yet exist.

Whether or not last week’s security breach affects Kickstarter’s business is yet to be seen; however, we would wager that not many will be put off by a security lapse that exposed nothing more than some untested projects.

Emerging Tech

This cryptocurrency wallet for kids isn’t nearly as stupid as it sounds

So you’ve taught your 6-year-old child to read, write, and play nice with others. What’s next? Give them a base understanding of cryptocurrency, of course. This Kickstarter aims to help.
Digital Trends Live

Cryptocurrency investor Ian Balina sees a comeback for cryptocurrency in 2019

We chatted with crypto investor Ian Balina on what the future is for cryptocurrencies and Bitcoin. He also gave us three things to look for when we are investing our own money.

The Galaxy S10 may be announced before MWC, sell for up to $1,750

While we still may be months away from an announcement, there's no doubt about it: Samsung is working hard on its successor to the Galaxy S9. Here's everything we know about the upcoming Samsung Galaxy S10.

Can Microsoft’s Airband Initiative close broadband gap for 25M Americans?

A new report from the Federal Communications Commission (FCC) says that 25 million Americans do not have access to broadband internet. Of these, more than 19 million are living in rural communities. Can Microsoft help out?

Edit, sign, append, and save with six of the best PDF editors

There are plenty of PDF editors to be had online, and though the selection is robust, finding a solid solution with the tools you need can be tough. Here, we've rounded up best PDF editors, so you can edit no matter your budget or OS.

How to easily record your laptop screen with apps you already have

Learning how to record your computer screen shouldn't be a challenge. Lucky for you, our comprehensive guide lays out how to do so using a host of methods, including both free and premium utilities, in both MacOS and Windows 10.

Google Translate updated to reduce gender bias in its translations

Google is changing how Google Translate offers translations. Previously when you entered a word like doctor, Translate would offer a masculine interpretation of the word. Now, Translate will offer both masculine and feminine versions.

From beautiful to downright weird, check out these great dual monitor wallpapers

Multitasking with two monitors doesn't necessarily mean you need to split your screens with two separate wallpapers. From beautiful to downright weird, here are our top sites for finding the best dual monitor wallpapers for you.

Encryption-busting law passed in Australia may have global privacy implications

Controversial laws have been passed in Australia which oblige tech companies to allow the police to access encrypted messages, undermining the privacy of encryption with potentially global effects.

Microsoft’s Chromium Edge browser may be adding your Chrome extensions

Fans sticking to Google Chrome because due to its vast extension library might be able to switch over to Microsoft's latest iteration of Edge, as a project manager confirms that the company has its eyes on Chrome extensions.

If you've lost a software key, these handy tools can find it for you

Missing product keys getting you down? We've chosen some of the best software license and product key finders in existence, so you can locate and document your precious keys on your Windows or MacOS machine.

Google+ continues to sink with a second massive data breach. Abandon ship now

Google+ was scheduled to shut its doors in August 2019, but the second security breach in only a few months has caused the company to move its plan forward a few months. It might be a good idea to delete your account sooner than later.
Social Media

‘YouTube Rewind 2018’ is about to become its most disliked video ever

YouTube is about to achieve a record it really doesn't want — that of "most-disliked video." Yes, its annual recap of featuring popular YouTubers has gone down really badly this year.

Want to save a webpage as a PDF? Just follow these steps

Need to quickly save and share a webpage? The best way is to learn how to save a webpage as a PDF file, as they're fully featured and can handle images and text with ease. Here's how.