The burgeoning crowdfunding industry has walked with some swagger in recent weeks. But there should be more caution in its step now that one of its major players, Kickstarter, just admitted to being hacked.
New York City-based Kickstarter announced Saturday that its customers’ data had been compromised. Kickstarter learned of the hack when law enforcement officials contacted the donation-based crowdfunding platform Wednesday night informing the company that hackers had gained access to some of its customers’ data.
In the hack, email addresses, user names, mailing addresses, personal phone numbers and encrypted passwords of Kickstarter customers were obtained.
While actual passwords were not obtained, Yancey Strickler, Kickstarter's chief executive, said in a blog post that a “malicious person” with enough computing power can crack encrypted passwords, especially a password that is not complex. Strickler recommended that customers change their password for their Kickstarter account and any other accounts where a customer uses that same password.
No credit card data was obtained and no unauthorized charges were made of any kind, Strickler said. Kickstarter does not store full credit card numbers. It does store the last four digits and expiration dates of credit cards for projects based outside the U.S., but Strickler insisted that “none of this data was in any way accessed,” in the post.
In a separate letter to Kickstarter stakeholders, Strickler apologized for about the incident. “We set a very high bar for how we serve our community, and this incident is frustrating and upsetting,” he said. Strickler also pointed out that as soon as Kickstarter learned of the hack, it began strengthening its security system. “We are working closely with law enforcement and we are doing everything in our power to prevent this from happening again.”
Since it’s inception in April of 2009, more than $981 million has been raised on Kickstarter for more than 56,000 projects from more than 5.6 million people.
The attack on Kickstarter is the latest in a string of hacks. Target was recently involved in a high-profile hack, as was clothing retailer Neiman Marcus.