Crowd-funding platform Kickstarter announced over the weekend that they had been hacked, with a fairly large cross-section of user information being compromised.
That information includes “…usernames, email addresses, mailing addresses, phone numbers, and encrypted passwords” but Kickstarter says that there were no cleartext passwords in the information that was accessed. They do warn, however, that someone with enough computing grunt might be able to break the encryption of some of the more obvious passwords.
What wasn’t taken, unusually for this type of hack, was credit card information, according to Kickstarter. The company still warns that users should change their passwords, as well as the passwords on any online accounts that use the same details.
Kickstarter didn’t detect the hack themselves, according to the blog post concerning the intrusion. “Law enforcement officials” notified the company about the digital break-in and the company has said that “We set a very high bar for how we serve our community, and this incident is frustrating and upsetting. We have since improved our security procedures and systems in numerous ways, and we will continue to do so in the weeks and months to come. We are working closely with law enforcement, and we are doing everything in our power to prevent this from happening again.”
Source: Ars Technica