In a blog post today, CEO Yancey Strickler said hackers gained access to user information. The information that was lifted is limited to names, email addresses, mailing addresses, phone numbers, and encrypted passwords. However, Kickstarter has reassured users that no credit card information was accessed when the site was hacked. The company also says the breach was closed immediately and security measures were boosted system-wide.
Users are being urged to change their passwords as a safety measure, and many should, because the passwords were stolen. “We have since improved our security procedures and systems in numerous ways, and we will continue to do so in the weeks and months to come,” Strickler wrote.
Kickstarter answered a few questions that many users and the press were asking:
- Passwords were protected in one of two ways. Old passwords were salted and hashed with the SHA-1 algorithm. Newer passwords were hashed with bcrypt.
- The company says it took 4 days to alert customers because they had to wait until they’d “thoroughly investigated the situation.”
- Two accounts showed (unspecified) unauthorized activity; both of those accounts have been re-secured.
- If you use Facebook to log in to Kickstarter, the company says your Facebook account hasn’t been compromised. They’ve reset all Facebook tokens, which severs any ties Kickstarter has to your Facebook account until you manually give it permission again.
The site is the latest target after a slew of hacks on different high-profile websites. While the hack accessed some information, it was not enough to put users at high risk.