Kickstarter hacked, no credit cards compromised but your Facebook login has been reset

Kickstarter hacked, no credit cards compromised but your Facebook login has been reset

Kickstarter, the popular crowd-funding service, has has been hacked. No credit cards were compromised but some user data, including encrypted passwords wee accessed, and they've reset Facebook logins as a precaution. Their CEO, Yancey Strickler, posted on the Kickstarter blog:

While no credit card data was accessed, some information about our customers was. Accessed information included usernames, email addresses, mailing addresses, phone numbers, and encrypted passwords. Actual passwords were not revealed, however it is possible for a malicious person with enough computing power to guess and crack an encrypted password, particularly a weak or obvious one.

As a precaution, we have reset your Facebook login credentials to secure your account. No further action is necessary on your part.

Kickstarter says the security breach has been closed, and they've apologized and vowed to continue to increase security. They've also posted an FAQ with the answers to some common questions. Check it out, and if you received a notification, let me know — how do you feel about it, and online security in general these days?

Have something to say about this story? Leave a comment! Need help with something else? Ask in our forums!

Rene Ritchie

EiC of iMore, EP of Mobile Nations, Apple analyst, co-host of Debug, Iterate, Vector, Review, and MacBreak Weekly podcasts. Cook, grappler, photon wrangler. Follow him on Twitter and Google+.

More Posts



← Previously

Synology Diskstation DS1513+ NAS quick look

Next up →

Deal of the Day: Qmadix Vital Cover for iPhone 5/5S

Reader comments

Kickstarter hacked, no credit cards compromised but your Facebook login has been reset


Online security is a joke. Is there any major service which hasn't been hacked?

Is it simply impossible to secure a network, or are the hackers simply smarter than those paid to keep them out? You would hope complacency is no longer an issue at least.

I received the letter and reset my password. What disturbs me more is that, according to the letter, Kickstarter learned of this breach Wednesday night but elected to not inform anyone until Saturday afternoon.

Sent from the iMore App

That is the problem. When something like this happens, notification should be done right away. The window of opportunity is increased the longer you wait to tell victims. Do not down play breaches, as most companies do.

Sent from the iMore App

Very unfortunate situation, at least they were forthcoming about the situation. Well glad I stop using Facebook months ago.

Sent from the iMore App

The saddest part of this is the root of the problem - people who hack into companies accounts.

Sent from the iMore App

I'm glad no one on this site has suggested closing their accounts. As someone who is still awaiting rewards from several backed projects, deleting my Kickstarter account just isn't an option.

Thankfully I use LastPass to manage my passwords and I only needed to change the one as I never repeat the same password. It's unlikely that the hackers would have been able to crack it anyway, it was 15 characters long and a completely incomprehensible series of numbers symbols and letters of varying case, but it's best to be safe and change it anyway.

I'm more cross about my postal address getting leaked than encrypted passwords as that potentially leaves people open to social engineering attacks like what happened to @N.

Why don't companies encrypt the whole personal database portion leaving only an ID number or a username linked to everything else?