Kickstarter hacked. Change your password now

Summary: The popular crowdfunding site Kickstarter has been hacked and the breach included usernames and passwords. Change your password now to prevent further damage.

Kickstarter suffered a data breach that may have led to the disclosure of personal information.

On Saturday, I received this notification in my inbox. If you have a Kickstarter account or campaign, you need to read and heed the following message: 

"On Wednesday night, law enforcement officials contacted Kickstarter and alerted us that hackers had sought and gained unauthorized access to some of our customers' data. Upon learning this, we immediately closed the security breach and began strengthening security measures throughout the Kickstarter system.

No credit card data of any kind was accessed by hackers. There is no evidence of unauthorized activity of any kind on your account.

While no credit card data was accessed, some information about our customers was. Accessed information included usernames, email addresses, mailing addresses, phone numbers, and encrypted passwords. Actual passwords were not revealed, however it is possible for a malicious person with enough computing power to guess and crack an encrypted password, particularly a weak or obvious one.

As a precaution, we strongly recommend that you change the password of your Kickstarter account, and other accounts where you use this password.

To change your password, log in to your account at Kickstarter.com and look for the banner at the top of the page to create a new, secure password. We recommend you do the same on other sites where you use this password. For additional help with password security, we recommend tools like 1Password and LastPass.

We’re incredibly sorry that this happened. We set a very high bar for how we serve our community, and this incident is frustrating and upsetting. We have since improved our security procedures and systems in numerous ways, and we will continue to do so in the weeks and months to come. We are working closely with law enforcement, and we are doing everything in our power to prevent this from happening again.

Kickstarter is a vibrant community like no other, and we can’t thank you enough for being a part of it. Please let us know if you have any questions, comments, or concerns. You can reach us at accountsecurity@kickstarter.com."

Kickstarter, for those of you who don't know, is a crowdfunding site for projects of all kinds including movies, books, art, and new products. 

As soon as you log in to Kickstarter, you're prompted to change your password due to the security breach.

As you might know, I'm not a big fan of Kickstarter because of the way projects are funded, but I have to say that I'm proud of the chief executive for coming forward so quickly about the breach. Other companies should follow the same transparent ideal and admit when something like this happens so that customers and members can take immediate action.

I think that this is a move in the right direction for companies and sites that have been hacked. Not much is currently known about the hack, so you should take all precautions against brute force attacks on the password files that were captured by changing your password immediately.

About

Kenneth 'Ken' Hess is a full-time Windows and Linux system administrator with 20 years of experience with Mac, Linux, UNIX, and Windows systems in large multi-data center environments.

Talkback

4 comments
  • Received different email from Kickstarter?

    I received a slightly different email from Kickstarter, since my account with them is linked to my Facebook account. Mine did not suggest changing passwords, but instead said "As a precaution, we have reset your Facebook login credentials to secure your account. No further action is necessary on your part." What does "reset my Facebook login credentials" mean?
    JCMusic251
    • FB login

      Wonder if you have to link your fb account to them again or something.
      lorint
  • passwords in plain text?

    Does this mean passwords were in plain text? Seriously, hashing passwords is not that hard.
    t205
  • Time for 2fa!

    Alright, I think it's time Kickstarter jumps on the two-factor authentication bandwagon with everyone else who has been hacked. There are so many 2fa solutions, it's time EVERYONE starts to utilize them. I found an awesome one through LastPass called Toopher that uses location awareness to make the actual process invisible to the user. It's pretty awesome! Time for companies to start doing their research and taking our security more seriously.
    Jgibson987