Kickstarter Hacked Last Week


If you’ve ever run or contributed to a campaign on Kickstarter, chances are you got an email from the crowdfunding site this past Saturday. According to the message, Kickstarter was hacked last Wednesday, and the intruders were able to gain “unauthorized access to some of our customers’ data.”

The email, posted here on the Kickstarter Blog, says that as soon as the company was informed of the hack by law enforcement, Kickstarter “immediately closed the security breach and began strengthening security measures throughout the Kickstarter system,” and that “no credit card data of any kind was accessed by hackers.” That’s the good news. The bad news, though, is that it’s possible that users’ personal data—like usernames, encrypted passwords, email and physical addresses, and phone numbers—may have been obtained in the breach. Worse, Kickstarter didn’t know about the breach themselves, but had to be told about it by law enforcement. That raises questions about who’s minding the store at Kickstarter.

At the very least, an update to the post offers something of an explanation as to why there was a delay from being informed on Wednesday night to the email that was sent out over the weekend. Says the post, “We immediately closed the breach and notified everyone as soon as we had thoroughly investigated the situation.” Another important aspect of the press release points out that Kickstarter itself doesn’t store users’ credit card information, and that it stores the final four digits of and expiration dates of cards for pledges to non-U.S. projects.

In all, this is something of a black eye for Kickstarter, but likely far from a deal breaker. Chances are good that the company will continue its ascent in the public consciousness, and will stay the top crowdfunding platform for a while to come. Unless these hacks become a regular occurrence, I doubt that the company’s user base will flee to alternative sites.

But don’t forget to change your password, just in case.