Company Claims No Credit Card Information Has Been Stolen.
In a note to users of the crowdfunding platform Kickstarter, CEO Yancy Strickler announced that unauthorized access to customer data had occurred as hackers had compromised the Kickstarter platform.
The information was said to have come from law enforcement officials, this past Wednesday. Kickstarter stated regarding the attack;
“.. we immediately closed the security breach and began strengthening security measures throughout the Kickstarter system”.
Strickler continued with his statement that;
“No credit card data of any kind was accessed by hackers. There is no evidence of unauthorized activity of any kind on (your) account(s).”
- email addresses
- telephone numbers
- encrypted passwords (but actual passwords were not compromised)
Kickstarter strongly encouraged all users to update their passwords as determined individuals may be able to crack the encrypted passwords especially for passwords that are weak or obvious.
The company indicated they have updated procedures and processes in numerous ways and are working closely with law enforcement individuals to address the incursion. As of today Kickstarter claims over 5.6 million backers on their platform.
Kickstarter has posted some additional information regarding the attack.
How were passwords encrypted?
Older passwords were uniquely salted and digested with SHA-1 multiple times. More recent passwords are hashed with bcrypt.
Does Kickstarter store credit card data?
Kickstarter does not store full credit card numbers. For pledges to projects outside of the US, we store the last four digits and expiration dates for credit cards. None of this data was in any way accessed.
If Kickstarter was notified Wednesday night, why were people notified on Saturday?
We immediately closed the breach and notified everyone as soon we had thoroughly investigated the situation.
Will Kickstarter work with the two people whose accounts were compromised?
Yes. We have reached out to them and have secured their accounts.
I use Facebook to log in to Kickstarter. Is my login compromised?
No. As a precaution we reset all Facebook login credentials. Facebook users can simply reconnect when they come to Kickstarter.