Kickstarter bug granted access to unlaunched projects
Posted on 16 May 2012.
A bug in the private application programming interface (API) of Kickstarter, the popular crowdfunding website for creative projects, has exposed details about 70,000 projects that will be launched on the website in the near future.


"For those who are unfamiliar, an API is a software interface that allows software to communicate with one another. It's not like a webpage that an internet user could point their browser to. It is a feed of data meant to be shared between software. The API in this instance is for Kickstarter's internal use," explains Yancey Strickler, one of the site's cofounders.

The bug was the result of a site upgrade effected on April 24, but was fixed only on May 11, after Kickstarter's engineers were notified of it by a WSJ reporter who discovered it.

Among the details that were accessible are project descriptions, goals, duration, rewards, videos, images, location, category, and the user name.

Fewer than 50 unlaunched projects were accessed during the three weeks the bug was present, and that includes views by Kickstarter's own team of developers.

Strickler made sure to point out that no financial or account information was accessible at any time, but he still described the incident as "unacceptable."







Copyright 1998-2013 by Help Net Security.