Kickstarter has sent out an alert to all its registered users warning that the popular crowd-funding platform has been hacked. No credit card data was stolen, but account names and passwords were.
Kickstarter was alerted to the hack on Wednesday, 12 February 2014, by “law enforcement officials” the company stated.
According to Kickstarter CEO Yancey Strickler, “hackers had sought and gained unauthorized access to some of our customers’ data. Upon learning this, we immediately closed the security breach and began strengthening security measures throughout the Kickstarter system.”
Strickler said no credit card data of any kind was accessed by hackers.
“Accessed information included usernames, email addresses, mailing addresses, phone numbers, and encrypted passwords. Actual passwords were not revealed, however it is possible for a malicious person with enough computing power to guess and crack an encrypted password, particularly a weak or obvious one,” said Strickler.
Kickstarter recommends that users change the password of their Kickstarter account, and other accounts where the same password is used.
“We’re incredibly sorry that this happened. We set a very high bar for how we serve our community, and this incident is frustrating and upsetting. We have since improved our security procedures and systems in numerous ways, and we will continue to do so in the weeks and months to come. We are working closely with law enforcement, and we are doing everything in our power to prevent this from happening again,” said Strickler.