According to Kickstarter’s blog post, on Wednesday night law enforcement officials contacted Kickstarter and alerted the company that hackers had gained unauthorized access to some of its customers’ data. Kickstarter says that it took all the necessary security measures and immediately closed the security breach.
No credit card data of any kind was accessed by hackers. There is no evidence of unauthorized activity of any kind on all but two Kickstarter user accounts.
While no credit card data was accessed, some customer information was stolen, including usernames, email addresses, mailing addresses, phone numbers, and encrypted passwords. Because the passwords are encrypted, the hackers do not have the real passwords and would have to guess them. To prevent further hacks, Kickstarter recommends that its users change their passwords as soon as possible to strong ones that are hard to guess. Right now, if the hackers who accessed the user data have enough computing power, they can crack the encrypted passwords.
As a precaution, we strongly recommend that you create a new password for your Kickstarter account, and other accounts where you use this password.
Some security measures taken by the Kickstarter Security staff:
- Older passwords were uniquely salted and digested with SHA-1 multiple times. More recent passwords are hashed with bcrypt.
- As a precaution they have reset all Facebook login credentials. Facebook users can simply reconnect when they come to Kickstarter.
- Kickstarter does not store full credit card numbers. For pledges to projects outside of the US, we store the last four digits and expiration dates for credit cards. None of this data was in any way accessed.
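The mix of older salted SHA-1 records and newer bcrypt records described above is usually handled by re-hashing a legacy record at the next successful login. The sketch below is an added example, not Kickstarter's code: the record layout, the legacy construction and both round counts are assumptions, and PBKDF2-HMAC-SHA256 from the Python standard library stands in for bcrypt.

```python
import hashlib
import hmac
import os

LEGACY_ROUNDS = 1000     # assumed; the post only says "multiple times"
MODERN_ROUNDS = 200_000  # assumed work factor for the stand-in scheme


def legacy_hash(password: str, salt: bytes, rounds: int = LEGACY_ROUNDS) -> bytes:
    """Assumed legacy scheme: SHA-1 over salt + password, re-digested `rounds` times."""
    digest = hashlib.sha1(salt + password.encode()).digest()
    for _ in range(rounds - 1):
        digest = hashlib.sha1(salt + digest).digest()
    return digest


def modern_hash(password: str, salt: bytes) -> bytes:
    """Stand-in for bcrypt: a deliberately slow, salted KDF from the stdlib."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, MODERN_ROUNDS)


def new_record(password: str) -> dict:
    salt = os.urandom(16)  # unique salt per user, as in both schemes
    return {"scheme": "modern", "salt": salt, "hash": modern_hash(password, salt)}


def verify_and_upgrade(record: dict, password: str):
    """Return (ok, record). A legacy record that verifies comes back re-hashed."""
    if record["scheme"] == "legacy":
        expected = legacy_hash(password, record["salt"])
    elif record["scheme"] == "modern":
        expected = modern_hash(password, record["salt"])
    else:
        return False, record  # unknown scheme: fail closed
    # Constant-time comparison avoids leaking how many bytes matched.
    if not hmac.compare_digest(expected, record["hash"]):
        return False, record
    if record["scheme"] == "legacy":
        return True, new_record(password)  # upgrade while the plaintext is in hand
    return True, record


if __name__ == "__main__":
    salt = os.urandom(16)
    # Constructed sample record in the assumed legacy format.
    stored = {"scheme": "legacy", "salt": salt, "hash": legacy_hash("sample-pass", salt)}
    ok, stored = verify_and_upgrade(stored, "sample-pass")
    print(ok, stored["scheme"])
```

Accounts that never log in again keep their legacy hash under this approach, which is one reason a breached service asks every user to set a new password.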
Source – Kickstarter Blog