One of the most popular crowdsourcing platforms Kickstarter has revealed that its defenses were breached by hackers and customer data including email addresses, encrypted passwords, and phone numbers among other details were accessed by the perpetrators.
The breach, which occurred a few days back, was reported by Kickstarter today. “On Wednesday night, law enforcement officials contacted Kickstarter and alerted us that hackers had sought and gained unauthorized access to some of our customers’ data”, read the opening statement of Kickstarter blog post.
The crowdsourcing platform has claimed that credit card details were not accessed by hackers and the passwords were encrypted.
“While no credit card data was accessed, some information about our customers was. Accessed information included usernames, email addresses, mailing addresses, phone numbers, and encrypted passwords”, said Kickstarter.
In the period between February 12 and February 16, Kickstarter claimed that it acted upon the information from law enforcement officials and “immediately closed the security breach”. It also revealed that it strengthened its security systems and will continue to do so for days and months to come.
In an FAQ section which was updated later in the day, Kickstarter answered one of the repeatedly asked questions as to why did it take so many days to notify users of the security breach. “We immediately closed the breach and notified everyone as soon we had thoroughly investigated the situation”, said the crowdsourcing platform.
However, there are quite a few unanswered questions including how long did the hackers have access to site’s infrastructure or servers; how did the law enforcement agencies find out about the security breach; and what type of flaw was targeted by hackers?