Popular Crowdfunding Site Kickstarter Hacked, Asks Users To Reset Passwords
Kickstarter, a popular crowdfunding site where new business ventures can receive funding from strangers on the web, fell victim to hackers earlier this week, and notified its users to change their password information on Saturday.
Though the site confirmed that no credit card information was stolen, attackers did find user nams, emails, mailing addresses, phone numbers and encrypted passwords. Since being alerted by Law Enforcement officials of this security breach, the crowdfunding platform has adjusted some of its security to avoid this from happening again.
The site was launched in 2009, and since then, over 100 000 crowdfunding projects have been funded, with millions of dollars pledged to a wide variety of causes. It has opened its doors to Canadian projects last year.
Crowdfunding has changed the way people do business, showing business people that they can fund projects with the support of many small backers, instead of a handful of venture capitalists.
In a written statement you can read here, Kickstarter CEO Yancey Strickler answered a few frequently asked questions:
How were passwords encrypted?
Older passwords were uniquely salted and digested with SHA-1 multiple times. More recent passwords are hashed with bcrypt.
Does Kickstarter store credit card data?
Kickstarter does not store full credit card numbers. For pledges to projects outside of the US, we store the last four digits and expiration dates for credit cards. None of this data was in any way accessed.
If Kickstarter was notified Wednesday night, why were people notified on Saturday?
We immediately closed the breach and notified everyone as soon we had thoroughly investigated the situation.
Will Kickstarter work with the two people whose accounts were compromised?
Yes. We have reached out to them and have secured their accounts.
I use Facebook to log in to Kickstarter. Is my login compromised?
No. As a precaution we reset all Facebook login credentials. Facebook users can simply reconnect when they come to Kickstarter.