Saturday, 15 February 2014

Kickstarter: We Were Hacked, User Information Exposed


Kickstarter, a leading crowdfunding site, revealed it was hacked last week. In a blog post published Saturday, Kickstarter said law-enforcement officials contacted the company Wednesday night, and alerted it to unauthorized access by hackers.

No credit-card data was stolen, but hackers did manage to access some user information, Kickstarter CEO Yancey Strickler wrote in the post.

"Accessed information included usernames, email addresses, mailing addresses, phone numbers and encrypted passwords," he wrote. "Actual passwords were not revealed, however it is possible for a malicious person with enough computing power to guess and crack an encrypted password, particularly a weak or obvious one."

Following the breach, Kickstarter is recommending that all users change their passwords.

In response to the hack, Strickler said Kickstarter has already taken steps to improve its security, and is currently "working closely with law enforcement" to prevent a similar incident in the future.

And while Kickstarter has certainly garnered good will with users over the years, some may question why the crowdfunding site waited nearly four days before informing them about the hack, and instructing them to change their password information.

"For everyone’s security, we wanted to be sure the breach was fully secured before notifying all of our customers," according to a company message.

A Kickstarter spokesperson did not immediately respond to a request for comment.

IMAGE: KICKSTARTER/FACEBOOK