Add Kickstarter to the growing list of sites that have recently been hacked. The crowdfunding website’s CEO, Yancey Strickler, announced the security breach via blog post on Saturday and thankfully, it doesn’t appear as though too much damage was done.
Kickstarter was first made aware of the hack by law enforcement officials on Wednesday night. Although the attackers were able to access select customer data, no credit card data was compromised during the attack. What’s more, the company tells us there is no evidence of unauthorized activity of any kind on all but two Kickstarter user accounts.
Hackers did manage to gain access to usernames, e-mail addresses, mailing addresses, phone numbers and encrypted passwords, however. Actual passwords were not revealed although it is possible for someone with enough computing power to use brute force to crack encrypted passwords, especially those that are weak or obvious.
The company said they immediately closed the security breach and began strengthening security measures throughout the entire network as soon as they learned of the attack. They waited until Saturday to announce the breach in order to have time to thoroughly investigate the situation, Strickler said.
As a precaution, Kickstarter strongly recommends that all users create a new password for their Kickstarter account as well as any other account that may have used the same password. The company also reset all Facebook login credentials for those that use the social network to log into Kickstarter. These users can simply reconnect when they come back to Kickstarter, we’re told.