Kickstarter may be known as a platform for those looking to fund new and original ideas, but that doesn’t mean it isn’t vulnerable to the same old problems faced by pretty much any other online enterprise. Customers of the crowdsourcing website received an email this evening warning that the security of their account information has been compromised. Law enforcement made Kickstarter aware of the breach earlier in the week, at which point they “immediately closed the security breach and began strengthening security measures throughout the Kickstarter system.” Although no credit card information was affected by the breach, Kickstartr says “[a]ccessed information included usernames, email addresses, mailing addresses, phone numbers, and encrypted passwords.”
You can read the full email, titled “Important Kickstarter Security Notice” below:
On Wednesday night, law enforcement officials contacted Kickstarter and alerted us that hackers had sought and gained unauthorized access to some of our customers’ data. Upon learning this, we immediately closed the security breach and began strengthening security measures throughout the Kickstarter system.
No credit card data of any kind was accessed by hackers. There is no evidence of unauthorized activity of any kind on your account. While no credit card data was accessed, some information about our customers was. Accessed information included usernames, email addresses, mailing addresses, phone numbers, and encrypted passwords. Actual passwords were not revealed, however it is possible for a malicious person with enough computing power to guess and crack an encrypted password, particularly a weak or obvious one.
As a precaution, we have reset your login credentials to secure your account. No further action is necessary on your part.
We’re incredibly sorry that this happened. We set a very high bar for how we serve our community, and this incident is frustrating and upsetting. We have since improved our security procedures and systems in numerous ways, and we will continue to do so in the weeks and months to come. We are working closely with law enforcement, and we are doing everything in our power to prevent this from happening again.
Kickstarter is a vibrant community like no other, and we can’t thank you enough for being a part of it. Please let us know if you have any questions, comments, or concerns. You can reach us at firstname.lastname@example.org.
As a precaution, Kickstarter is recommending that all users change their passwords. More information about the breach, including an FAQ, can be found at the Kickstarter blog post here.