Kickstarter security breach

[Prob Lem]

I just received an e-mail notification from Kickstarter about a security breach. Just posting a heads-up here just in case anyone else here has an account and hasn't seen this yet;

On Wednesday night, law enforcement officials contacted Kickstarter and alerted us that hackers had sought and gained unauthorized access to some of our customers' data. Upon learning this, we immediately closed the security breach and began strengthening security measures throughout the Kickstarter system.

No credit card data of any kind was accessed by hackers. There is no evidence of unauthorized activity of any kind on your account.

While no credit card data was accessed, some information about our customers was. Accessed information included usernames, email addresses, mailing addresses, phone numbers, and encrypted passwords. Actual passwords were not revealed, however it is possible for a malicious person with enough computing power to guess and crack an encrypted password, particularly a weak or obvious one.

As a precaution, we strongly recommend that you change the password of your Kickstarter account, and other accounts where you use this password.

To change your password, log in to your account at Kickstarter.com and look for the banner at the top of the page to create a new, secure password. We recommend you do the same on other sites where you use this password. For additional help with password security, we recommend tools like 1Password and LastPass.

We’re incredibly sorry that this happened. We set a very high bar for how we serve our community, and this incident is frustrating and upsetting. We have since improved our security procedures and systems in numerous ways, and we will continue to do so in the weeks and months to come. We are working closely with law enforcement, and we are doing everything in our power to prevent this from happening again.

Kickstarter is a vibrant community like no other, and we can’t thank you enough for being a part of it. Please let us know if you have any questions, comments, or concerns. You can reach us at accountsecurity@kickstarter.com.

Thank you,

Yancey Strickler
Kickstarter CEO

Visiting the Kickstarter website and logging in does indeed present you with a banner mentioning the breach and the need to change your password, so this is indeed legitimate.

Anyway, yeah, just a heads-up in case anyone hasn't heard about it yet.

[mobius]

thanks very much for letting us know this!

if you've ever donated to a project like a video game on there, does that mean you have a kickstarter account? I'll be seriously pissed if this happens to me because I only made it to donate to one thing a single time [the game Obduction being made by Cyan] last year.

[ccexplore]

This showed up on TV and Internet news as well so it is definitely real, unfortunately.  Seems like everyone is getting hacked lately.

I haven't done anything with Kickstarter before, but mobius, if you have set up some sort of account that you would use a password to log into KickStarter website, then it sounds like you could be affected.  Whereas if you were able to make the one-time payment without ever setting up an account with username/password, then you are probably okay (for now) as supposedly no credit card data was accessed.

[Prob Lem]

What ccexplore said - you do have an account, and should have received the security-breach notification at the e-mail address you registered with.

For what it's worth, Kickstarter uses Amazon Payments for dealing with credit cards, and Amazon hasn't reported any breaches, so as far as that goes things seem to be ok. It's just that Kickstarter will have some info, too, depending on what you provided to them back then, and what was required for the project you were backing.