Kickstarter Hacked, Usernames, Email Addresses and Phone Numbers Accessed

Popular crowdfunding site got hacked

Kickstarter informed in their blog about an attack which was made in last Wednesday. Hackers accessed usernames, email addresses, phone numbers, mailing addresses and encrypted passwords. Luckily no credit card details were leaked.

Kickstarter answered a few questions about this incident:

  • How were passwords encrypted? Older passwords were uniquely salted and digested with SHA-1 multiple times. More recent passwords are hashed with bcrypt.
  • Does Kickstarter store credit card data? Kickstarter does not store full credit card numbers. For pledges to projects outside of the US, we store the last four digits and expiration dates for credit cards. None of this data was in any way accessed.
  • If Kickstarter was notified Wednesday night, why were people notified on Saturday? We immediately closed the breach and notified everyone as soon we had thoroughly investigated the situation.
  • Will Kickstarter work with the two people whose accounts were compromised? Yes. We have reached out to them and have secured their accounts.
  • I use Facebook to log in to Kickstarter. Is my login compromised? No. As a precaution we reset all Facebook login credentials. Facebook users can simply reconnect when they come to Kickstarter.
Published Feb. 17th 2014
View Comments
  • FeelsRightDesign
    Before the announcement I noticed a few strange things happening on the back end and changed my password immediately. They kept making me sign in for every single action including sending messages to backers and commenting. Overall though I feel Kickstarter is a safe community and will continue to use them for projects.

New Cache - article_comments_article_12467