Encrypted Passwords, User Info Accessed in Kickstarter Hack
Kickstarter informed users Saturday that the crowdfunding service was hacked last week, saying however no credit card data was accessed in the security breach.
The email sent to users, signed by Kickstarter Chief Executive Officer Yancy Strickler, stated police informed the company of a security breach that occurred Wednesday:
“While no credit card data was accessed, some information about our customers was. Accessed information included usernames, email addresses, mailing addresses, phone numbers, and encrypted passwords,” the email reads. “Actual passwords were not revealed, however it is possible for a malicious person with enough computing power to guess and crack an encrypted password, particularly a weak or obvious one.”
According to a blog posted at Kickstarter.com, abnormal activity was detected on the accounts of two Kickstarter users, but no other accounts have shown signs of compromise. Still, the company suggests users change their Kickstarter passwords, and the passwords for any other accounts that share the same password as their Kickstarter accounts. If you use Facebook to log in, the blog states that Kickstarter has already reset those credentials.
The blog also says Kickstarter didn’t notify users on Wednesday because it was looking into the situation, and “notified everyone as soon we had thoroughly investigated the situation.”
Kickstarter did not offer any more information when contacted for comment.