This past weekend crowd-funding platform Kickstarter sent a mail to its users explaining that it had been informed of a security breach by US officials, last week.
To put users’ minds at ease, the company stressed in its communication that no credit card details were leaked. Kickstarter uses third-party payment system, Amazon Payments, and does not store credit card details of its users. However, other details for Kickstarter accountholders were leaked in the security breach. These details include usernames, email addresses, physical addresses, and phone numbers. Passwords are encrypted, but if an attacked wanted to, Kickstarter points out, they could crack those.
The company apologised profusely in its email, the full text of which is below, and it urges users to change their passwords. Indeed, logging in to the Kickstarter site will immediately warn users of the situation and offer them an opportunity to change their password.
Information has also surfaced that only two users’ accounts were compromised, the company’s proactive response and transparency in the matter is refreshing. This is especially important in this age of internet spying, data leaks, and mass hacks.
On Wednesday night, law enforcement officials contacted Kickstarter and alerted us that hackers had sought and gained unauthorized access to some of our customers’ data. Upon learning this, we immediately closed the security breach and began strengthening security measures throughout the Kickstarter system.
No credit card data of any kind was accessed by hackers. There is no evidence of unauthorized activity of any kind on your account.
While no credit card data was accessed, some information about our customers was. Accessed information included usernames, email addresses, mailing addresses, phone numbers, and encrypted passwords. Actual passwords were not revealed, however it is possible for a malicious person with enough computing power to guess and crack an encrypted password, particularly a weak or obvious one.
As a precaution, we strongly recommend that you change the password of your Kickstarter account, and other accounts where you use this password.
To change your password, log in to your account at Kickstarter.com and look for the banner at the top of the page to create a new, secure password. We recommend you do the same on other sites where you use this password. For additional help with password security, we recommend tools like 1Password and LastPass.
We’re incredibly sorry that this happened. We set a very high bar for how we serve our community, and this incident is frustrating and upsetting. We have since improved our security procedures and systems in numerous ways, and we will continue to do so in the weeks and months to come. We are working closely with law enforcement, and we are doing everything in our power to prevent this from happening again.
Kickstarter is a vibrant community like no other, and we can’t thank you enough for being a part of it. Please let us know if you have any questions, comments, or concerns. You can reach us at [email protected]