On Saturday February 15th at 4:25 pm I received, like many others, a security notice in my email from Kickstarter informing me that the site had been compromised by hackers.
Yancey Strickler, the CEO of the crowdfunding platform, has the following to say:
On Wednesday night, law enforcement officials contacted Kickstarter and alerted us that hackers had sought and gained unauthorized access to some of our customers’ data. Upon learning this, we immediately closed the security breach and began strengthening security measures throughout the Kickstarter system.
No credit card data of any kind was accessed by hackers. There is no evidence of unauthorized activity of any kind on your account.
While no credit card data was accessed, some information about our customers was. Accessed information included usernames, email addresses, mailing addresses, phone numbers, and encrypted passwords. Actual passwords were not revealed, however it is possible for a malicious person with enough computing power to guess and crack an encrypted password, particularly a weak or obvious one.
As a precaution, we have reset your Facebook login credentials to secure your account. No further action is necessary on your part.
We’re incredibly sorry that this happened. We set a very high bar for how we serve our community, and this incident is frustrating and upsetting. We have since improved our security procedures and systems in numerous ways, and we will continue to do so in the weeks and months to come. We are working closely with law enforcement, and we are doing everything in our power to prevent this from happening again.
Kickstarter is a vibrant community like no other, and we can’t thank you enough for being a part of it. Please let us know if you have any questions, comments, or concerns. You can reach us at firstname.lastname@example.org.
I should also add that if you have a direct password with Kickstarter, please change your password. Exiting and logging back into the site with your chosen social media, or at least Facebook will require you retyping your login and password, but you should be fine.
It is a good thing that no credit card information has been stolen, but the fact that this happened at all is troubling. Many of us in what many consider to be the geek community utilize Kickstarter and other crowdfunding platforms to back and support our favourite creators and become a more direct part in funding their works. In fact, it wasn’t too long ago that I wrote two articles on some popular Kickstarter campaigns on this very site.
One can only hope that in addition to the measures that Kickstarter taken after the fact that not only will the authorities trace just whom accessed the above data, but that it, and other platforms, can take the necessary precautions in preventing anything like this from happening again in the future.
Until then, fellow geeks, change your passwords, re-login and keep yourselves posted.