Kickstarter CEO and co-founder Yancey Strickler said in a statement last night that the company had been contacted on Wednesday by law enforcement officials, who notified it of a security breach.
In a very apologetic post on Kickstarter, Mr Strickler admitted that the site had been compromised, and strongly advised users to change their passwords – especially if they are weak, obvious or used elsewhere.
“While no credit card data was accessed, some information about our customers was. Accessed information included usernames, email addresses, mailing addresses, phone numbers, and encrypted passwords. Actual passwords were not revealed, however it is possible for a malicious person with enough computing power to guess and crack an encrypted password, particularly a weak or obvious one…
“To change your password, log in to your Kickstarter account and look for the banner at the top of the page to create a new, secure password. We recommend you do the same on other sites where you use this password. For additional help with password security, we recommend tools like 1Password and LastPass.”
There have been a number of high-profile hacks in the game community over the last few years; most notoriously, Sony’s PSN service was hacked back in 2011 – an event which cost the company £250,000 in fines from the UK government last year.
Kickstarter has been asked why it waited until Saturday to inform the public. Its response? “upon learning [of the breach], we immediately closed the security breach and began strengthening security measures throughout the Kickstarter system… and notified everyone as soon as we had thoroughly investigated the situation.”
For most of us, the only compromised data was encrypted passwords. But for two unlucky individuals, there’s been evidence of unauthorized activity on their accounts. They have been “reached out to”, and had their accounts secured.
For those who log in via Facebook, Mr Strickler announced that logins are not compromised, and that their credentials have been reset as a precaution.
“We’re incredibly sorry that this happened. We set a very high bar for how we serve our community, and this incident is frustrating and upsetting. We have since improved our security procedures and systems in numerous ways, and we will continue to do so in the weeks and months to come. We are working closely with law enforcement, and we are doing everything in our power to prevent this from happening again,” Strickler said. “Kickstarter is a vibrant community like no other, and we can’t thank you enough for being a part of it. Please let us know if you have any questions, comments, or concerns. You can reach us at email@example.com.”
The full post can be seen here.