Kickstarter became the latest hacking victim as they announced this week that their servers had been compromised and user information had been stolen. In a letter from CEO Yancey Strickler, Kickstarter confirmed the breach but emphasized to its users that no credit card data had been stolen. Personal names, user names, physical addresses, and phone numbers were among the data that was compromised. Strickler stated that no passwords were revealed, but that it remained possible for passwords to be compromised, particularly if a user had a “weak or obvious one.” The letter concluded by recommending that all Kickstarter users change their passwords.
The breach occurred on Wednesday night. Kickstarter stated that it has already taken steps to enhance its internal security and is communicating with law enforcement agencies in order to prevent future breaches. Some users questioned why Kickstarter waited nearly four days after the breach to inform the public. In a reply to Mashable, Kickstarter stated that they wanted to ensure that the breach had been fully secured before making the hack public. They did not want other hackers potentially becoming aware of the situation and taking advantage of Kickstarter’s vulnerability before the situation could be resolved.
Kickstarter also assured its users that it would continue taking future steps to secure its infrastructure and the information of its users. Kickstarter becomes the latest victim in a series of high profile data breaches where major companies have lost customer data. The largest, and potentially most damaging, of these breaches involved retailer Target. The company revealed in January that as many as 70 million customers had personal data, including credit card numbers, PIN’s, and expiration dates. In this respect the Target breach was far more widespread and financially damaging. Kickstarter is a popular service, but still did not possess that level of customer data. Nevertheless, Kickstarter still became the latest hacking victim and did have some user information exposed.
Kickstarter has become symbolic of the “crowd funding” phenomenon. An ever increasing number of video game developers, board game enthusiasts, movie directors, and others have come to sites like Kickstarter in order to fund their ambitions. They have become convinced that they can better bring their visions to life if they are not bound to the wishes of a major publisher or financial backer, and will instead have more freedom to pursue their creative vision if it has the backing of dedicated fans rather than investors who are simply looking for a cash return.
Some high profile Kickstarter campaigns of recent months involve a motion picture treatment for cult favorite series Veronica Mars. The campaign raised nearly $6 million and spawned the creation of a web series starring the titular character. One of the largest “crowd funding” projects to date however is the upcoming space simulator Star Citizen. It raised nearly $3 million through Kickstarter itself, but has gone on to raise over $38 million in donations to date, mostly through its own website. These projects are a testament to the popularity of “crowd funding” in general and websites like Kickstarter.
In terms of data lost, Kickstarter users escaped the worst consequences as no credit card or “hard” financial information was revealed in this breach. Kickstarter just became the latest hacking victim and did have some of its user information exposed.
By Christopher V. Spencer