User Data Has Been Stolen As Kickstarter Gets Hacked

Yesterday was a bad day for the people at Kickstarter, both within the company and the sites user base which relies on the site to raise funds for various projects. In a statement, Kickstarter have said that hackers hit the crowd-funding site and made off with user information in the process.

Fortunately no credit card information appears to be taken, but usernames, email addresses, mailing addresses, phone numbers and even encrypted passwords have been taken.

“Actual passwords were not revealed, however it is possible for a malicious person with enough computing power to guess and crack an encrypted password, particularly a weak or obvious one, as a precaution, we strongly recommend that you create a new password for your Kickstarter account, and other accounts where you use this password.” said Kickstarter in a recent blog post.

Kickstarter was made aware of the breach on Wednesday night and the company is said to have immediately closed the breach and began strengthening security measures throughout their systems. The company is keen to stress that no credit card data of any kind was accessed, and that there is no evidence of unauthorized activity of any kind on all but two Kickstarter user accounts.

Below is a FAW which was released by Kickstarter for those concerned about the attack on the site, and we’ll update you as soon as we know anything else about the situation.

How were passwords encrypted?
Older passwords were uniquely salted and digested with SHA-1 multiple times. More recent passwords are hashed with bcrypt.

Does Kickstarter store credit card data?
Kickstarter does not store full credit card numbers. For pledges to projects outside of the US, we store the last four digits and expiration dates for credit cards. None of this data was in any way accessed.

If Kickstarter was notified Wednesday night, why were people notified on Saturday?
We immediately closed the breach and notified everyone as soon we had thoroughly investigated the situation.

Will Kickstarter work with the two people whose accounts were compromised?
Yes. We have reached out to them and have secured their accounts.

I use Facebook to log in to Kickstarter. Is my login compromised?
No. As a precaution we reset all Facebok

Thank you CNET and Kickstarter for providing us with this information.