Kickstarter has been hacked, and personal information from an unknown number of user accounts has been accessed, reports Recode.
The damage is not financial: no banking or credit information was exposed. But personal details such as addresses and phone numbers were accessed, as well as encrypted passwords (more on that in a minute).
Kickstarter updated the company blog to inform members of what had happened:
Upon learning [about the attack], we immediately closed the security breach and began strengthening security measures throughout the Kickstarter system. No credit card data of any kind was accessed by hackers. There is no evidence of unauthorised activity of any kind on all but two Kickstarter user accounts. While no credit card data was accessed, some information about our customers was. Accessed information included usernames, email addresses, mailing addresses, phone numbers, and encrypted passwords. Actual passwords were not revealed, however it is possible for a malicious person with enough computing power to guess and crack an encrypted password, particularly a weak or obvious one. As a precaution, we strongly recommend that you create a new password for your Kickstarter account, and other accounts where you use this password.
Your plaintext passwords are safe (i.e. the hackers don’t have a readable list of passwords), but Kickstarter’s encrypted password data was breached. To stay safe, you should change your Kickstarter password.
Kickstarter ends the blog post on a completely apologetic note:
We’re incredibly sorry that this happened. We set a very high bar for how we serve our community, and this incident is frustrating and upsetting. We have since improved our security procedures and systems in numerous ways, and we will continue to do so in the weeks and months to come. We are working closely with law enforcement, and we are doing everything in our power to prevent this from happening again.