Kickstarter hacked, CC info allegedly safe
Popular crowd-funding website Kickstarter has been hacked, with attackers accessing the data of several of the website’s users.
According to a blog entry by Kickstarter CEO Yancey Strickler, law enforcement alerted the company midway through last week that hackers had gained unauthorised access to some of its customers’ data.
“Upon learning this, we immediately closed the security breach and began strengthening security measures throughout the Kickstarter system,” Strickler wrote in the blog.
Strickler said that “no credit card data of any kind was accessed by hackers” and that there was “no evidence of unauthorised activity of any kind on all but two Kickstarter user accounts”.
Attackers accessed information including usernames, email addresses, mailing addresses, phone numbers and encrypted passwords.
Strickler said that, while Kickstarter does not store full credit card numbers, it does store the last four digits and expiration dates for credit cards in some pledges. However, none of that stored data was accessed in the attack, he claimed.
Strickler noted that, while the passwords the attackers obtained were encrypted, “it is possible for a malicious person with enough computing power to guess and crack an encrypted password, particularly a weak or obvious one”.
Kickstarter has recommended that its users change the password on their Kickstarter account, and on any other account where they had used that password.
Strickler apologised for the breach and claimed that, since the attack, the company has improved its security procedures and systems.