Kickstarter Hacked, User Names and Encrypted Passwords Accessed
User data was stolen, though credit card information remained intact, Kickstarter said
Sat, February 15, 2014
IDG News Service (New York Bureau) — The crowdfunding website Kickstarter said Saturday it had been hacked and that user names, encrypted passwords and other data had been accessed.
Kickstarter said it was informed of the hack Wednesday by law enforcement officials and that it had now closed the breach and strengthened its security.
"Actual passwords were not revealed, however it is possible for a malicious person with enough computing power to guess and crack an encrypted password, particularly a weak or obvious one," CEO Yancey Strickler said in an email to users.
The data accessed also included email addresses, mailing addresses and phone numbers, Strickler wrote. No credit card data was accessed, he said.
"There is no evidence of unauthorized activity of any kind on your account," Strickler wrote.
Users are advised to change the password on their account, and on any other accounts where they use the same passwords.
Kickstarter is a site where people can make donations to fund projects. It doesn't store full credit card information on its website, only the last four digits, and those numbers were not accessed by the hackers, the company said in a security notice.
Though Kickstarter was notified of the breach on Wednesday, it waited to tell customers until after the investigation was complete, the notice said.
Facebook user names and logins were not compromised for those who use that log-in system to get on Kickstarter, according to the notice.