Kickstarter Hacked, But No Credit Card Information Compromised

Kickstarter Hacked, But No Credit Card Information Compromised

Kickstarter is recommending that users change their passwords after hackers gained access to customer data earlier this week, Reuters reports. While the passwords were encrypted, it’s still possible for them to be decrypted through brute force methods.

Play Quizzes 4

“No credit card data of any kind was accessed by hackers. There is no evidence of unauthorized activity of any kind on all but two Kickstarter user accounts,” said Kickstarter Chief Executive Officer Yancey Strickler. The two users whose accounts showed unauthorized activity have already been contacted by Kickstarter.

Voss Value Sees Plenty Of Opportunities In Cheap Small Caps [Exclusive]

investFor the first quarter of 2022, the Voss Value Fund returned -5.5% net of fees and expenses compared to a -7.5% total return for the Russell 2000 and a -4.6% total return for the S&P 500. According to a copy of the firm’s first-quarter letter to investors, a copy of which ValueWalk has been able Read More

Kickstarter doesn’t store full credit card numbers

Kickstarter says that it has fixed the security flaw that allowed the breach, without specifying what went wrong, and said that they are working with police to investigate the attack. Strickler’s blog post also said that the company doesn’t store full credit card numbers. For pledges to projects in the US it uses Amazon’s payment system, and for pledges to projects outside the US it only stores credit cards’ last four digits and expiration date, although this data was also not compromised by the attack.

Kickstarter all reset all Facebook credentials, since many people access the site through their Facebook account, although reconnecting them should be straightforward.

Kickstarter limited the impact of the attack

While every high profile attack renews concerns about cybercrime and raises questions about who should be responsible for damages in cases where credit card information is compromised (the customer, the issuing bank, the site that was hacked), it looks like Kickstarter has handled security well in this instance. They aren’t any obvious lapses of judgment, like the time it turned out Sony had been storing user passwords in plaintext, and the decision not to store too much financial information on their own database shows they had already made plans to limit the impact of an attack.

In a nod to people’s continuing terrible password habits, Kickstarter recommended “that you create a new password for your Kickstarter account, and other accounts where you use this password.” It’s no secret that people still use weak passwords, and reuse them at multiple sites to make them easier to remember, even though this leaves them vulnerable to having multiple accounts compromised from a single attack, but the difficulty of remembering a large number of strong passwords is too much to expect from millions of people.

Updated on

Michael has a Bachelor's Degree in mathematics and physics from Boston University and Master's Degree in physics from University of California, San Diego. He has worked as an editor and writer for several magazines. Prior to his career in journalism, Michael Worked in the Peace Corps teaching math and science in South Africa.
Previous article Tesla Motors Inc (TSLA) Battles Big Political Spenders In Ohio
Next article Samsung Galaxy S5 Release Date And Rumored Specs

No posts to display


  1. Sony said the same thing, Target said the same thing. LIES! ALL LIES! Your data was stolen and now so was your ID. Kickstarter helped successfully start a new business here…

Comments are closed.