Kickstarter announced today on its blog that it has been hacked, after the company was advised by law enforcement that hackers had gained private customer information on Wednesday night this week.
While the company says that no credit card information was accessed by hackers, it is advising all users of the service to reset their password immediately and ensure that any other accounts that use the same password are changed as soon as possible.
Unfortunately, other personal information including email addresses, mailing addresses, phone numbers and encrypted passwords were compromised in the attack. A Kickstarter staff member said on HackerNews that older users’ passwords were encrypted using salted SHA1 on the site, but newer passwords use a method called ‘bcrypt’ which may be safer.
The company said on its blog that it is “incredibly sorry that this happened” and that the “incident is frustrating and upsetting.” It continued, saying Kickstarter has “since improved our security procedures and systems in numerous ways [and is] working closely with law enforcement.”