Kickstarter Bug Leaves 70k Projects Exposed Online

beardbeard Member
edited May 2012 in General

Source: http://www.networkworld.com/community/blog/kickstarter-lapse-leaves-70000-project-ideas-exposed

On Friday one of our engineers uncovered a bug involving Kickstarter's private API, which is used to display projects on the Kickstarter homepage. This bug allowed some data from unlaunched projects to be made accessible via the API. It was immediately fixed upon discovering the error. No account or financial data of any kind was made accessible.

The bug was introduced when we launched the API in conjunction with our new homepage on April 24, and was live until it was discovered and fixed on Friday, May 11, at 1:42pm. The bug made accessible the project description, goal, duration, rewards, video, image, location, category, and user name for unlaunched projects.

Based on our research, the overwhelming majority of the private API access was by a computer programmer/Wall Street Journal reporter who contacted us. Outside of that person's use, our research shows that a total of 48 unlaunched projects were accessed during the three weeks this bug was live (this number includes a number of views by Kickstarter's developers working on the API itself).

Obviously our users' data is incredibly important to us. Even though limited information was made accessible through this bug, it is completely unacceptable.

Comments

  • RophRoph Member

    A bit of a sensationalist title, don't you think?

  • beardbeard Member

    They cannot confirm, and the writer for Network World is looking for some headlines.
