Hot on the heels of the recent Adobe hack comes news that on Wednesday night crowd-funding platform Kickstarter.com suffered a security breach, putting its filmmaker user database at risk.
Kickstarter CEO Yancey Strickler announced the hack on the official blog, stating that website security only became aware of the issue after law enforcement officers contacted Kickstarter HQ. Strickler gave assurances that no credit card info was accessed, stating that “Kickstarter does not store full credit card numbers. For pledges to projects outside of the US, we store the last four digits and expiration dates for credit cards. None of this data was in any way accessed”. Unauthorised activity was noted on only two Kickstarter user accounts.
There is still the matter of “usernames, email addresses, mailing addresses, phone numbers, and encrypted passwords”, however, and users have been advised to change their Kickstarter passwords immediately, along with the passwords on any other accounts where the same password has been used. According to the blog post, older passwords were “uniquely salted and digested with SHA-1 multiple times. More recent passwords are hashed with bcrypt”.
Strickler also apologised for the breach, stating, “We’re incredibly sorry that this happened. We set a very high bar for how we serve our community, and this incident is frustrating and upsetting. We have since improved our security procedures and systems in numerous ways, and we will continue to do so in the weeks and months to come. We are working closely with law enforcement, and we are doing everything in our power to prevent this from happening again”.
For more information about the breach, see the official announcement: www.kickstarter.com/blog/important-kickstarter-security-notice