Kickstarter was hacked, with data from an unknown number of customers stolen. The crowdfunding site did not realize the attack had taken place until federal authorities informed them of the breach and how it was done.
Hackers did not gain access to credit card data, but did gain usernames, email addresses, mailing addresses, phone numbers, and encrypted passwords. It’s recommended that all Kickstarter customers reset passwords for all things related to their email addresses, including Kickstarter.
CEO Yancey Strickler said in a blog post. “We set a very high bar for how we serve our community, and this incident is frustrating and upsetting. We have since improved our security procedures and systems in numerous ways, and we will continue to do so in the weeks and months to come.”
Kickstarter did not disclose how the breach was committed, but has said that they’ve resolved it.
This hack comes on the heels of many other hacks over the holidays for many websites and services. These included retail sites, social media, and news agencies including Gawker, Target, LinkedIn, and more. Recent hacks have also occurred on many other online properties, highlighting how dangerous it can be for users, even when strong precautions to protect passwords and data are taken.
It is expected that more information will be forthcoming as the investigation and internal audit from Kickstarter completes.