The latest scare in the security world comes from crowd sourcing giant Kickstater. Kickstarter recently announced that a group of hackers were able to gain access to their servers and that millions of users may have had their personal information compromised. The data accessed includes usernames, e-mail and mailing addresses, phone numbers, and encrypted passwords. While the passwords were encrypted it’s important to note that anyone able to orchestrate this kind of attack likely has the know how to get through the encryption.
Kickstarter was adamant that no financial data, such as credit card numbers, was compromised. Even so, security experts are worried about this latest leak. Though the information accessed doesn’t pose an immediate threat to users, experts have pointed out that with access to users e-mail addresses and what amounts to a pretty detailed list of their interests in the form of recently backed Kickstarter projects; malicious users can create sophisticated phishing e-mails targeted at Kickstarter’s users.
See Kickstaters’ e-mail to users below:
On Wednesday night, law enforcement officials contacted Kickstarter and alerted us that hackers had sought and gained unauthorized access to some of our customers’ data. Upon learning this, we immediately closed the security breach and began strengthening security measures throughout the Kickstarter system.
No credit card data of any kind was accessed by hackers. There is no evidence of unauthorized activity of any kind on your account.
While no credit card data was accessed, some information about our customers was. Accessed information included usernames, email addresses, mailing addresses, phone numbers, and encrypted passwords. Actual passwords were not revealed, however it is possible for a malicious person with enough computing power to guess and crack an encrypted password, particularly a weak or obvious one.
We’re incredibly sorry that this happened. We set a very high bar for how we serve our community, and this incident is frustrating and upsetting. We have since improved our security procedures and systems in numerous ways, and we will continue to do so in the weeks and months to come. We are working closely with law enforcement, and we are doing everything in our power to prevent this from happening again.
Kickstarter is a vibrant community like no other, and we can’t thank you enough for being a part of it. Please let us know if you have any questions, comments, or concerns. You can reach us at accountsecurity@kickstarter.