Kickstarter was hacked, and user data was stolen. Were you affected? What should you do now? Here are the facts you need to know.
1. Kickstarter Took a Long Time to Report the Hack
Kickstarter Security Notice: a breach was discovered by officials last week. User data have been accessed by hackers. http://t.co/LE48JFdhRJ
— Bitdefender (@Bitdefender) February 17, 2014
The privacy breach actually took place on February 12. However, Kickstarter did not alert users about the security issue until they posted an entry on the Kickstarter blog on February 15.
On the blog post's FAQ update, the Kickstarter team answered a common question about their response time:
"If Kickstarter was notified Wednesday night, why were people notified on Saturday?
We immediately closed the breach and notified everyone as soon we had thoroughly investigated the situation."
2. Credit Card Info Is Safe
R/t Thoughts on the Kickstarter hack. My latest guest post on We Live Security http://t.co/i3r8ihO6ND
— Graham Cluley (@gcluley) February 17, 2014
While user data was stolen, Tech Times reports that no credit card data was compromised. However, email addresses, phone numbers and passwords were compromised.
3. CEO Suggests Password Changes
— securityninja (@securityninja) February 17, 2014
The CEO of Kickstarter has reportedly told users that they should change their Kickstarter passwords, just to be on the safe side. CNN reports:
"Kickstarter CEO Yancey Strickler said in a blog post that usernames, passwords, mailing addresses, e-mail addresses and phone numbers had been compromised by hackers…
'(W)e strongly recommend that you create a new password for your Kickstarter account, and other accounts where you use this password,' Strickler said...'We're incredibly sorry that this happened. We set a very high bar for how we serve our community, and this incident is frustrating and upsetting.'"
4. The Vulnerability Is Fixed
It was already helping our deadbeat friends and relatives panhandle; now it's let passwords fall into hands of hackers-Thanks, Kickstarter!
— Charles Leerhsen (@CharlesLeerhsen) February 17, 2014
According to NY Daily News, the vulnerability which the hackers exploited has since been fixed.
5. Only 2 People's Accounts Were Affected
Kickstarter: We Were Hacked, User Information Exposed http://t.co/KFCpQKkT71 Me: I see a crowd-funded security app it is future.
— Lance Ulanoff (@LanceUlanoff) February 16, 2014
According to the official Kickstarter blog, "There is no evidence of unauthorized activity of any kind on all but two Kickstarter user accounts."