Jump to content

Kickstarter Says It Was Hacked


Recommended Posts

By Jason Del Rey February 15, 2014, 1:50 PM PST

Crowdfunding website Kickstarter said in an email to its members on Saturday afternoon that hackers had broken into its platform and accessed the personal information of its users.

“On Wednesday night, law enforcement officials contacted Kickstarter and alerted us that hackers had sought and gained unauthorized access to some of our customers’ data,” CEO Yancey Strickler said in the message, which was also posted to the company blog. “Upon learning this, we immediately closed the security breach and began strengthening security measures throughout the Kickstarter system.”

The company said that credit card information was not accessed, and that there is “no evidence of unauthorized activity of any kind on all but two Kickstarter user accounts.” (Emphasis made by the company.)

That said, a bunch of personal information was stolen, including usernames, email addresses, mailing addresses, phone numbers and encrypted passwords.

“Actual passwords were not revealed, however it is possible for a malicious person with enough computing power to guess and crack an encrypted password, particularly a weak or obvious one,” the message said.

As a result, the company is urging users to change their passwords on Kickstarter, as well as on any sites where the same password is used.

It’s not clear who is responsible for the hack, how many user accounts have been affected, or why it waited several days to notify its users. Earlier on Saturday, the Syrian Electronic Army said it had published user data from Forbes after it broke into the publisher’s system.

“We’re incredibly sorry that this happened,” the Kickstarter message says. “We set a very high bar for how we serve our community, and this incident is frustrating and upsetting. We have since improved our security procedures and systems in numerous ways, and we will continue to do so in the weeks and months to come.”

I’ve reached out to Kickstarter for more information and will update this post when I hear back.

Update 6:45 pm ET: Kickstarter has added a section of questions and answers to the bottom of its post. In it, the company attempts to explain why it waited several days to notify its users — a question that has popped up several times on Twitter since news of the hack broke. “We immediately closed the breach and notified everyone as soon we had thoroughly investigated the situation,” the company said.

Kickstarter also reiterated that credit card data was not compromised. Still, the company explained that it never stores entire credit card numbers, and only stores the last four digits “for pledges to projects outside of the U.S.”

A company spokesman has yet to respond to a couple of other queries from Re/code, including how long the hackers had access to the site.

Link to comment
Share on other sites

  • Replies 3
  • Views 1.6k
  • Created
  • Last Reply

Top Posters In This Topic

  • anuseems


  • kn_andre


  • SlimRock


  • Turk


Top Posters In This Topic

Hackers breached Kickstarter's defenses and stole the information of an unspecified number of customers

From The Verge:

The company learned of the breach on Wednesday from law enforcement officials, and quickly resolved the breach, Kickstarter said today. It did not disclose how the breach occurred.

No credit card data was accessed, the popular crowdfunding site said, but hackers did gain access to usernames, email addresses, mailing addresses, phone numbers, and encrypted passwords. The company recommends that all users create new passwords for their accounts and any other accounts that use the same password.


Edited by anuseems
Link to comment
Share on other sites

Hold on tight to your Seats guys ..... I Smell a Class A LawSuit !! Someone will be made to pay for this Breach ... Cheers for sharing Guys ....

Link to comment
Share on other sites

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...