14 DAY TRIAL // The popular funding platform Kickstarter has been found to contain a security hole which allowed users to gain access to unlaunched projects.
According to Kickstarter’s Yancey Strickler, the bug was found in the API the company introduced along with its website’s new homepage on April 24.
The flaw exposed information such as project description, duration, goal, videos, images, locations and user names, but fortunately, financial data was never at risk.
Until the issue was addressed, during the three weeks in which it was present, a number of 48 projects that had not yet been released were accessed, most of them by a computer programmer who works as a reporter for the Wall Street Journal, and who contacted Kickstarter.
“Obviously our users' data is incredibly important to us. Even though limited information was made accessible through this bug, it is completely unacceptable. We want to underline once again that zero account or financial information was at any time made accessible by this bug,” Strickler wrote.