Kickstarter, the hugely popular crowdfunding website that has helped gamers worldwide fund their favorite projects, has been hacked, with the website confirming that, while no credit card information has been accessed, personal data like usernames, email addresses, and other such things have been.
Kickstarter has become a major tool for developers to seek money straight from their fans, promising a much bigger role in a game's development and all sorts of extra goodies.
Unfortunately, it seems that Kickstarter was hacked on Wednesday night, February 12. Now, after a thorough investigation, the website has confirmed on its blog that the hacker attack did happen.
"No credit card data of any kind was accessed by hackers. There is no evidence of unauthorized activity of any kind on all but two Kickstarter user accounts," the website revealed.
"While no credit card data was accessed, some information about our customers was. Accessed information included usernames, email addresses, mailing addresses, phone numbers, and encrypted passwords. Actual passwords were not revealed, however it is possible for a malicious person with enough computing power to guess and crack an encrypted password, particularly a weak or obvious one."
As such, all users should create a new password for their Kickstarter accounts as well as for all the others that used the same password.
"We’re incredibly sorry that this happened. We set a very high bar for how we serve our community, and this incident is frustrating and upsetting. We have since improved our security procedures and systems in numerous ways, and we will continue to do so in the weeks and months to come. We are working closely with law enforcement, and we are doing everything in our power to prevent this from happening again," the website added.
According to Kickstarter, some passwords were "uniquely salted and digested with SHA-1 multiple times," while others were hashed with bcrypt, but the hackers, with enough computational power, can decrypt them.