17 Feb 2014

Kickstarter Notifies Customers over Security Breach; User Data Stolen

Kickstarter started sending notification letters on Saturday to all customers after a security breach, according to a press release. User credentials, phone numbers, email and mailing addresses, even encrypted passwords have been accessed by hackers.

The security breach was discovered by law enforcement officials who contacted Kickstarter on Wednesday. Shortly after, the breach was closed and measures were taken to strengthen the security.

“No credit card data of any kind was accessed by hackers,” the notification letter said. “There is no evidence of unauthorized activity of any kind on all but two Kickstarter user accounts.”

All stolen passwords were encrypted in SHA-1 and hashed with bcrypt. Also, all Facebook log-in credentials were reset. So far no credit card data have been compromised as they do not store full credit card numbers and allegedly it was not accessed.

“As a precaution, we strongly recommend that you create a new password for your Kickstarter account, and other accounts where you use this password,” the letters advised.