Online fund-raising site Kickstarter reported on Saturday that hackers illicitly accessed some of its customer data. The company’s co-founder, Yancey Strickler, stated on her blog that hackers accessed client user names, email addresses, passwords, and phone numbers. Although the passwords were encrypted, hackers were able to guess some of them. No credit card number was captured, though authorities noticed transactions attempted with accessed information.
Management reported that the breach occurred on Wednesday of last week, and the organization assured its clients that the breach has been closed. Strickler described the breach as “very frustrating and upsetting.” She went on to assure the Kickstarter clients that her company will seek constant improvement in its online security. Kickstarter also stated that it is working with law enforcement as the investigation moves forward. However, it did not say why they had waited to report the breach. It has since added a “Q&A” section on its blog following the press release, and many people have expressed concern about the delay in releasing the information. Many on Twitter tweeted the same concern.
The recent post on the Kickstarter blog explains that credit card information is secure with its site because the site doesn’t store full credit card numbers. When pledges are made to projects abroad, only an expiration date and last four numbers of the card are stored. The blog post assures that Kickstarter will work with the two parties whose accounts were compromised. As a precaution Kickstarter reset all Facebook login access codes to avoid any further hacking activity. Facebook users will need to reconnect if they want to use that social media site to access Kickstarter. The post reports how the passwords are encrypted. Strickler closes her online announcement by stating her deep appreciation for client support and the site being illegally accessed was upsetting for the Kickstarter staff as well.
Kickstarter’s is only among the latest in recent reports of internet piracy. Target made national news recently when it reported being a victim of internet security breach. Hackers also accessed a well-known business to steal some of its Bitcoin (internet based currency) the same weekend that Kickstarter announced its breach. Online piracy is a growing problem as more organizations do a sizable business online. Weak passwords are a common security risk, and internet security analysts recommend people update them regularly, selecting one that appears more abstract. On her blog, Strickler specifically recommends people change their password.
Kickstarter began in 2009 as a portal to fund projects ranging from film production to opening restaurants. It is used by people raising capital for their creative projects and businesses. Contributors to a project’s funding can be compensated with a myriad of rewards, including discounts, credits or other offers from Kickstarter’s respective client. Since its inception, over 100,000 projects have been funded. Donor pledges have exceeded over $100 million.
Online piracy has long been a problem in the United States and abroad. Kickstarter has made overt statements, promising to maximize security, as best as it can. Any time a company has to report that its site was hacked always suffers a public relations debacle, and this case is no different.
By Ian Erickson