Crowdfunding website Kickstarter posted an explanation and apology on Saturday, revealing and detailing a security breach from earlier in the week.
“On Wednesday night, law enforcement officials contacted Kickstarter and alerted us that hackers had sought and gained unauthorized access to some of our customers’ data,” the Feb. 15 blog post began. “Upon learning this, we immediately closed the security breach and began strengthening security measures throughout the Kickstarter system.”
“No credit card data of any kind was accessed by hackers,” the company emphasized. “There is no evidence of unauthorized activity of any kind on all but two Kickstarter user accounts.”
Usernames, email addresses, mailing addresses, phone numbers, and encrypted passwords were accessed, but that’s about all, CEO Yancey Strickler wrote: “Actual passwords were not revealed, however it is possible for a malicious person with enough computing power to guess and crack an encrypted password, particularly a weak or obvious one.”
Strickler recommended that all users change their Kickstarter passwords immediately.
“We’re incredibly sorry that this happened,” he concluded. “We set a very high bar for how we serve our community, and this incident is frustrating and upsetting. We have since improved our security procedures and systems in numerous ways, and we will continue to do so in the weeks and months to come. We are working closely with law enforcement, and we are doing everything in our power to prevent this from happening again.”